Back to KEVs

CVE-2019-5128

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable...

Basic Information

CVE State
PUBLISHED
Reserved Date
January 04, 2019
Published Date
October 25, 2019
Last Updated
August 04, 2024
Vendor
n/a
Product
YouPHPTube
Description
A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack.

CVSS Scores

CVSS v3.0

10.0 - CRITICAL

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

Score
87.20% (Percentile: 99.38%) as of 2025-04-29

Exploit Status

Exploited in the Wild
Yes (added 2025-04-27 00:00:00 UTC) Source

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0917

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-04-27 00:00:00 UTC