How severe is CVE-2021-47749?

CVE-2021-47749 has a CVSS v3 score of 6.2 (MEDIUM).

CVE-2021-47749

Q: What is CVE-2021-47749?

YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can exploit the path traversal flaw in locale/function.php to include and view PHP files outside the intended directory by using directory traversal sequences.

6.2MEDIUM

YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can expl

发布于: 1/13/2026更新于: 1/14/2026

在NVD查看在MITRE查看

描述

YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can exploit the path traversal flaw in locale/function.php to include and view PHP files outside the intended directory by using directory traversal sequences.

AI分析AI驱动

参考资料

https://web.archive.org/web/20170506141644/https://www.youphptube.com/
https://www.exploit-db.com/exploits/51101
https://www.vulncheck.com/advisories/youphptube-directory-traversal
https://www.exploit-db.com/exploits/51101