CVE-2021-25874
HIGHyouphptube < 10.0 - Unauthenticated SQL Injection via catName Parameter
Title source: llmDescription
AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes.
References (3)
Core 3
Core References
Broken Link, Product, URL Repurposed x_refsource_misc
http://avideoyouphptube.com
Product
https://synacktiv.com
Exploit, Vendor Advisory
https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf
Scores
CVSS v3
7.5
EPSS
0.0168
EPSS Percentile
74.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-89
Status
published
Products (1)
youphptube/youphptube
< 10.0
Published
Nov 01, 2021
Tracked Since
Feb 18, 2026