CVE-2021-25877
HIGHyouphptube < 10.0 - Authenticated Arbitrary File Write via save.php
Title source: llmDescription
AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php.
References (3)
Core 3
Core References
Broken Link, Product, URL Repurposed x_refsource_misc
http://avideoyouphptube.com
Product x_refsource_misc
https://synacktiv.com
Exploit, Vendor Advisory x_refsource_misc
https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf
Scores
CVSS v3
7.2
EPSS
0.0310
EPSS Percentile
86.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (1)
youphptube/youphptube
< 10.0
Published
Nov 01, 2021
Tracked Since
Feb 18, 2026