command injection vulnerability

[mr4ndr3w]

Heya,

I found 2 high critical security issues:
command injection vulnerabilities

plugin/cache
/plugin/CloneSite

Where I can report them? And who will request cve?

[DanielnetoDotCom]

Hi, can you please send it to my email developer@youphptube.com

also if you have a CVE link, please send it to, me so I can give you the credits for the fix

[mr4ndr3w]

check email

[mr4ndr3w]

can you request a CVE identification number from GitHub?

[DanielnetoDotCom]

Thank you for your email and for highlighting the vulnerabilities. Upon review, it appears that these vulnerabilities can only be exploited if an attacker has already obtained administrative access to the server. Here's a brief overview:

1. Vulnerability 1 (/plugin/CloneSite): Requires admin access to the server or SSH root access to the site to be cloned.
2. Vulnerability 2 (Cache): Also necessitates admin access to the server.

Given that these scenarios involve an attacker who already has high-level access, further exploitation would be redundant, as the server is compromised in more significant ways at that point. Unless I'm mistaken, I believe no immediate action or fix is necessary for these particular vulnerabilities under the described conditions.