{"id":"CVE-2019-16124","details":"In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code.","modified":"2026-03-10T22:22:50.103152Z","published":"2019-09-09T02:15:10.360Z","references":[{"type":"WEB"},{"type":"ADVISORY","url":"https://zerodays.lol/"},{"type":"FIX","url":"https://github.com/YouPHPTube/YouPHPTube/commit/b32b410c9191c3c5db888514c29d7921f124d883"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/47326"}],"affected":[{"ranges":[{"repo":"https://github.com/wwbn/avideo","events":[{"introduced":"0"},{"fixed":"b32b410c9191c3c5db888514c29d7921f124d883"}]},{"type":"GIT","repo":"https://github.com/youphptube/youphptube","events":[{"introduced":"0"},{"last_affected":"7311f1af5a729f68ee7a7e7180e7251d20454267"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"7.4"}]}}],"versions":["2.2","2.4","2.7","3.4","3.4.1","4.0","4.0.1","4.0.2","5.0","6.5","7.2","7.3","7.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16124.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}