Unrated severity · NVD Advisory · Published Nov 2, 2019 · Updated Aug 5, 2024
CVE-2019-18662
Description
An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL query. This can be exploited by malicious users to, e.g., read sensitive data from the database through in-band SQL Injection attacks. Successful exploitation of this vulnerability requires the Live Chat plugin to be enabled.
Affected products
- YouPHPTube/YouPHPTube (description)
  - Range: <=7.7
References
- packetstormsecurity.com/files/155564/YouPHPTube-7.7-SQL-Injection.html (mitre, x_refsource_MISC)
- seclists.org/fulldisclosure/2019/Dec/9 (mitre, mailing-list, x_refsource_FULLDISC)
- github.com/YouPHPTube/YouPHPTube/issues/2202 (mitre, x_refsource_MISC)