Vulnerability
YouPHPTube is the most well-known American based video-sharing service. YouPHPTube Encoder has a Remote Code Execution flaw. A command injection was discovered in YouPHPTube Encoder. An effective attacker may cause an attack to compromise the server. YouPHPTube Encoder 2.3, a module for providing encoder features in YouPHPTube, contains exploitable unauthorised command injections.The base64Url parameter in /objects/getImage.php is susceptible to a command injection attack.
Mitigation / Precaution
- Sanitize all parameters received as input from the user.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
