Search criteria
2 vulnerabilities by playtube
CVE-2023-4714 (GCVE-0-2023-4714)
Vulnerability from cvelistv5 – Published: 2023-09-01 20:00 – Updated: 2024-08-02 07:37
VLAI?
Title
PlayTube Redirect information disclosure
Summary
A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. The identifier VDB-238577 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
4.3 (Medium)
4.3 (Medium)
CWE
- CWE-200 - Information Disclosure
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:playtube:playtube:3.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "playtube",
"vendor": "playtube",
"versions": [
{
"status": "affected",
"version": "3.0.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4714",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-11T17:30:02.694116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T17:43:13.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:37:59.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.238577"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.238577"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174446/PlayTube-3.0.1-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Redirect Handler"
],
"product": "PlayTube",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "skalvin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. The identifier VDB-238577 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in PlayTube 3.0.1 gefunden. Dies betrifft einen unbekannten Teil der Komponente Redirect Handler. Durch das Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T15:12:05.910Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.238577"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.238577"
},
{
"tags": [
"related"
],
"url": "http://packetstormsecurity.com/files/174446/PlayTube-3.0.1-Information-Disclosure.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-09-01T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-09-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-09-29T13:56:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "PlayTube Redirect information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4714",
"datePublished": "2023-09-01T20:00:08.391Z",
"dateReserved": "2023-09-01T12:56:51.843Z",
"dateUpdated": "2024-08-02T07:37:59.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13792 (GCVE-0-2020-13792)
Vulnerability from cvelistv5 – Published: 2020-06-03 19:32 – Updated: 2024-08-04 12:25
VLAI?
Summary
PlayTube 1.8 allows disclosure of user details via ajax.php?type=../admin-panel/autoload&page=manage-users directory traversal, aka local file inclusion.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.overfl0wed.com/web/lfi/info_disclosure/2020/03/30/PlayTube-LFI-to-Info-Disclosure-Writeup.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PlayTube 1.8 allows disclosure of user details via ajax.php?type=../admin-panel/autoload\u0026page=manage-users directory traversal, aka local file inclusion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-03T19:32:45.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.overfl0wed.com/web/lfi/info_disclosure/2020/03/30/PlayTube-LFI-to-Info-Disclosure-Writeup.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PlayTube 1.8 allows disclosure of user details via ajax.php?type=../admin-panel/autoload\u0026page=manage-users directory traversal, aka local file inclusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.overfl0wed.com/web/lfi/info_disclosure/2020/03/30/PlayTube-LFI-to-Info-Disclosure-Writeup.html",
"refsource": "MISC",
"url": "https://blog.overfl0wed.com/web/lfi/info_disclosure/2020/03/30/PlayTube-LFI-to-Info-Disclosure-Writeup.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13792",
"datePublished": "2020-06-03T19:32:45.000Z",
"dateReserved": "2020-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:25:16.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}