Unrated severityOSV Advisory· Published Jan 13, 2026· Updated Mar 5, 2026

YouPHPTube <= 7.8 - Directory Traversal

CVE-2021-47749

Description

YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can exploit the path traversal flaw in locale/function.php to include and view PHP files outside the intended directory by using directory traversal sequences.

Affected products

Youphptube/YouphptubeOSV
Range: 2.2, 2.7, 3.4, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/51101mitreexploit
www.vulncheck.com/advisories/youphptube-directory-traversalmitrethird-party-advisory
web.archive.org/web/20170506141644/https://www.youphptube.com/mitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000