{"id":"CVE-2019-16124","details":"In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code.","modified":"2026-05-28T04:04:48.630938779Z","published":"2019-09-09T02:15:10.360Z","database_specific":{"unresolved_ranges":[{"source":"CPE_RANGE","cpes":["cpe:2.3:a:youphptube:youphptube:*:*:*:*:*:*:*:*"],"vendor_product":"youphptube:youphptube","extracted_events":[{"last_affected":"7.4"}]}]},"references":[{"type":"ADVISORY","url":"https://zerodays.lol/"},{"type":"FIX","url":"https://github.com/YouPHPTube/YouPHPTube/commit/b32b410c9191c3c5db888514c29d7921f124d883"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/47326"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wwbn/avideo","events":[{"introduced":"0"},{"fixed":"b32b410c9191c3c5db888514c29d7921f124d883"}],"database_specific":{"source":"REFERENCES"}}],"versions":["7.4","7.3","7.2","4.0","3.4","2.7","2.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16124.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}