Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-5129

EPSS 93.06% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-5129

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getSpiritsFromVideo.php is vulnerable to a command injection attack.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
YouPHPTube Encoder 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
YouPHPTube是一套基于PHP的视频网站系统。YouPHPTube Encoder是其中的一个编码器。 YouPHPTube Encoder 2.3版本中的/objects/getSpiritsFromVideo.php文件的‘base64Url’参数存在操作系统命令注入漏洞。该漏洞源于外部输入数据构造操作系统可执行命令过程中,网络系统或产品未正确过滤其中的特殊字符、命令等。攻击者可利用该漏洞执行非法操作系统命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-YouPHPTube YouPHPTube Encoder 2.3 -

II. Public POCs for CVE-2019-5129

#POC DescriptionSource LinkShenlong Link
1Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube.The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-5129.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-5129

登录查看更多情报信息。

Same Patch Batch · n/a · 2019-10-25 · 25 CVEs total

CVE-2019-5122YouPHPTube SQL注入漏洞
CVE-2019-18221CoreHR Core Portal 跨站脚本漏洞
CVE-2017-14742LabF nfsAxe FTP client 缓冲区错误漏洞
CVE-2019-5508NetApp Clustered Data ONTAP 输入验证错误漏洞
CVE-2019-13525Honeywell IP-AK2 访问控制错误漏洞
CVE-2019-13546Philips IntelliSpace Perinatal 安全漏洞
CVE-2019-13553Rittal Chiller SK 3232-Series 信任管理问题漏洞
CVE-2019-13549Rittal Chiller SK 3232-Series 访问控制错误漏洞
CVE-2019-5119YouPHPTube SQL注入漏洞
CVE-2019-5120YouPHPTube SQL注入漏洞
CVE-2019-5114YouPHPTube SQL注入漏洞
CVE-2019-5123YouPHPTube SQL注入漏洞
CVE-2013-4857D-Link DIR-865L 安全漏洞
CVE-2019-5121YouPHPTube SQL注入漏洞
CVE-2019-5117YouPHPTube SQL注入漏洞
CVE-2019-5116YouPHPTube SQL注入漏洞
CVE-2019-5128YouPHPTube Encoder 操作系统命令注入漏洞
CVE-2019-5127YouPHPTube Encoder 操作系统命令注入漏洞
CVE-2019-162653S-Smart CODESYS ENI server 缓冲区错误漏洞
CVE-2019-14451Repetier-Server 代码问题漏洞

Showing top 20 of 25 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: YouPHPTube
Same vendor: n/a
Same weakness: CWE-78

V. Comments for CVE-2019-5129

No comments yet

Leave a comment