CVE-2019-25732

PHP EI-Tube Script 3 SQL Injection via search parameter

CVSS 8.8 HIGHEPSS 0.3%CWE-89

PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to the search endpoint with crafted SQL payloads in the query parameter to extract sensitive database information including usernames, passwords, and version details.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Productos afectados

eitube · EI-Tube

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/46440no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://codecanyon.net/item/eitube-youtube-api-v3-site-builder/22722912?s_rank=17 https://www.exploit-db.com/exploits/46440 https://www.vulncheck.com/advisories/php-ei-tube-script-3-sql-injection-via-search-parameter