Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL query. This can be exploited by malicious users to, e.g., read sensitive data from the database through in-band SQL Injection attacks. Successful exploitation of this vulnerability requires the Live Chat plugin to be enabled.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
YouPHPTube SQL注入漏洞
Vulnerability Description
YouPHPTube是一套基于PHP的视频网站系统。 YouPHPTube 7.7及之前版本中存在安全漏洞,该漏洞源于程序没有正确处理通过‘live_stream_code’参数发送到/plugin/LiveChat/getChat.json.php文件的用户输入。攻击者可利用该漏洞读取数据中的敏感信息或造成其他危害。
CVSS Information
N/A
Vulnerability Type
N/A