{"containers":{"cna":{"affected":[{"product":"YouPHPTube","vendor":"n/a","versions":[{"status":"affected","version":"YouPHPTube 7.7 commit b22e81d25b2a570f4867ea5dce5153ba4c76cc2d (Oct 15th 2019)"}]}],"descriptions":[{"lang":"en","value":"An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":10,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-04-19T17:34:56.000Z","orgId":"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b","shortName":"talos"},"references":[{"tags":["x_refsource_MISC"],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0941"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"talos-cna@cisco.com","ID":"CVE-2019-5151","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"YouPHPTube","version":{"version_data":[{"version_value":"YouPHPTube 7.7 commit b22e81d25b2a570f4867ea5dce5153ba4c76cc2d (Oct 15th 2019)"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability."}]},"impact":{"cvss":{"baseScore":10,"baseSeverity":null,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}]},"references":{"reference_data":[{"name":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0941","refsource":"MISC","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0941"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T19:47:56.630Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0941"}]}]},"cveMetadata":{"assignerOrgId":"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b","assignerShortName":"talos","cveId":"CVE-2019-5151","datePublished":"2019-10-31T19:43:30.000Z","dateReserved":"2019-01-04T00:00:00.000Z","dateUpdated":"2024-08-04T19:47:56.630Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}