YouPHPTube Encoder RCE

Febna V M
Published on
16 Jun 2021

YouPHPTube is the most well-known American based video-sharing service. YouPHPTube Encoder has a Remote Code Execution flaw. A command injection was discovered in YouPHPTube Encoder. An effective attacker may cause an attack to compromise the server. YouPHPTube Encoder 2.3, a module for providing encoder features in YouPHPTube, contains exploitable unauthorised command injections.The base64Url parameter in /objects/getImage.php is susceptible to a command injection attack.

Mitigation / Precaution

  • Sanitize all parameters received as input from the user.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Febna V M
Febna V M
Cyber Security Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment