CVE-2019-5127
Published 2019-10-25
CVE-2019-5127: A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated…
Priority: P187, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 45.30% (98.6th percentile)
A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| youphptube | youphptube_encoder | — | — |
Detection & IOCs (extracted from sources)
- path: /objects/getImageMP4.php
- path: /objects/getSpiritsFromVideo.php
- command: `id > {{filename}}.txt`
- Monitor HTTP GET requests to /objects/getImage.php, /objects/getImageMP4.php, and /objects/getSpiritsFromVideo.php containing a base64Url parameter. The base64-decoded value of that parameter should be inspected for shell metacharacters (backticks, semicolons, pipes, etc.) indicating command injection.
- A successful exploitation attempt will cause the server to write a file (e.g., a .txt file) to the web root and return its contents with a plain-text Content-Type header and HTTP 200. Detect by correlating a GET to the three vulnerable PHP endpoints followed by a GET to a short-named .txt file under /objects/, with the response body matching `uid=[0-9]+.*gid=[0-9]+.*`
- The vulnerability is unauthenticated: no session cookie or authentication header is required. Alert on any unauthenticated access to the three vulnerable endpoints from external IP addresses.
- The Nuclei template uses a randomly generated lowercase alpha filename (5 chars) for the out-of-band write probe, so the exact filename will vary per scan run and cannot be used as a static IOC.
- The injected payload is base64-encoded before being placed in the base64Url query parameter; WAF/IDS rules must base64-decode the parameter value before inspecting it for shell metacharacters.
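
The decode-then-inspect check from the notes above, as an added example (not code from any of the sources this page aggregates). The log lines, addresses and hosts are constructed, and the metacharacter set is an assumption to tune against your own traffic.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit, parse_qs

# Endpoints named on this page, spelled as the page gives them.
ENDPOINTS = {"/objects/getImage.php", "/objects/getImageMP4.php",
             "/objects/getSpiritsFromVideo.php"}
# Characters a media URL should not carry but a shell acts on (assumed set).
SHELL_META = re.compile(r"[`;|<>\n]|\$\(")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode_param(value):
    """Base64-decode leniently: URL-safe alphabet, '+' parsed as space, missing padding."""
    value = value.replace(" ", "+").replace("-", "+").replace("_", "/")
    try:
        raw = base64.b64decode(value + "=" * (-len(value) % 4))
    except (binascii.Error, ValueError):
        return None
    return raw.decode("utf-8", errors="replace")

def inspect_line(line):
    """Return (path, decoded_value, reason) for a suspicious request, else None."""
    m = REQUEST.search(line)
    url = urlsplit(m.group(1)) if m else None
    if url is None or url.path not in ENDPOINTS:
        return None
    for value in parse_qs(url.query).get("base64Url", []):
        decoded = decode_param(value)
        if decoded is None:
            return (url.path, None, "undecodable base64Url")
        if SHELL_META.search(decoded):
            return (url.path, decoded, "shell metacharacter after decoding")
    return None

def _enc(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample log lines (documentation addresses, made-up hosts).
SAMPLE_LOG = [
    '198.51.100.4 - - [01/Jan/2024:10:00:00 +0000] "GET /objects/getImage.php'
    '?base64Url=%s HTTP/1.1" 200 512' % _enc("http://media.example/a.mp4"),
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /objects/getImageMP4.php'
    '?base64Url=%s HTTP/1.1" 200 0' % _enc("`id > abcde.txt`"),
    '203.0.113.9 - - [01/Jan/2024:10:00:06 +0000] "GET /index.php HTTP/1.1" 200 90',
]

def scan(lines):
    return [hit for hit in map(inspect_line, lines) if hit]
```

Matching on the raw query string alone would miss the second sample line, because the metacharacters only appear after decoding.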
CVSS provenance
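| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 10.0 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.8 | CRITICAL | — |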
GHSA
GHSA-354f-hf2x-4xmq: A command injection has been found in YouPHPTube Encoder
ghsa_unreviewed · 2022-05-24
CVE-2019-5127 [CRITICAL] CWE-78
VulnCheck
youphptube youphptube_encoder Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
vulncheck · 2019 · CVSS 9.8
CVE-2019-5127 [CRITICAL]
Affected: youphptube youphptube_encoder
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-13&hos
No detection rules found.
Nuclei
YouPHPTube Encoder 2.3 - Remote Command Injection
nuclei · CVSS 9.8
CVE-2019-5127 [CRITICAL]
YouPHPTube Encoder 2.3 is susceptible to a command injection vulnerability which could allow an attacker to compromise the server. These exploitable unauthenticated command injections exist via the parameter base64Url in /objects/getImage.php.
Template:
```yaml
id: CVE-2019-5127

info:
  name: YouPHPTube Encoder 2.3 - Remote Command Injection
  author: pikpikcu
  severity: critical
  description: YouPHPTube Encoder 2.3 is susceptible to a command injection vulnerability which could allow an attacker to compromise the server. These exploitable unauthenticated command injections exist via the parameter base64Url in /objects/getImage.php.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized remote code execution, potentially com
```
Talos
Vulnerability Spotlight: Multiple vulnerabilities in YouPHPTube
blogs_talos · 2019-10-17 · CVSS 8.8 [HIGH]
Yuri Kramarz of Security Advisory EMEAR discovered these vulnerabilities.
YouPHPTube contains multiple vulnerabilities that could allow an attacker to carry out a variety of malicious activities. Specially crafted, attacker-created web requests can allow an attacker to inject SQL code into the application in some of these cases. YouPHPTube is an open-source program that can allow users to create their own, custom video sites. The software is meant to mimic popular websites such as YouTube, Netflix and Vimeo, according to its website. If successful, an attacker could use these vulnerabilities to gain the ability to exfiltrate files in the database, steal user credentials and, in some configurations, access the underlying operating system.
In accordance with our coordinated disclosure pol
Talos
Vulnerability Spotlight: Multiple vulnerabilities in YouPHPTube
blogs_talos · 2019-10-17 · CVSS 9.8 [CRITICAL]