Intrusion Prevention

YouPHPTube.checkConfiguration.php.Remote.Code.Execution

Description

This indicates an attack attempt to exploit a Command Injection Vulnerability in YouPHPTube.
A remote attacker with knowledge of the database credentials could exploit this vulnerability by sending a crafted request to checkConfiguration.php and then subsequently browsing to the homepage. Successful exploitation could result in arbitrary code execution on the target system under the context of the server process.

Affected Products

YouPHPTube YouPHPTube 7.4

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://github.com/YouPHPTube/YouPHPTube/commit/b32b410c9191c3c5db888514c29d7921f124d883

CVE References

CVE-2019-16124