📦 Clipbucket
by Oxygenz
🛡️ Security Overview
⚠️ Known Vulnerabilities
ClipBucket v5 versions 5.5.2-#187 and below contain a blind SQL injection vulnerability in the comment functionality. Attackers can exploit this by injecting malicious SQL payloads through the obj_id ...
ClipBucket 5.5.2 ships with hardcoded default administrative credentials, allowing unauthenticated remote attackers to gain full administrative control of the application. This affects all deployments...
ClipBucket v5 versions 5.5.2-#156 and below contain a stored cross-site scripting (XSS) vulnerability in the photo collection name field. Authenticated regular users can inject malicious scripts that ...
ClipBucket V5 has a file upload vulnerability in the Manage Playlist functionality that allows attackers to upload PHP script files disguised as playlist cover images. This can lead to webshell deploy...
This CVE describes a PHP deserialization vulnerability in ClipBucket V5 video hosting software that allows attackers to execute arbitrary code by sending malicious serialized objects. The vulnerabilit...
ClipBucket v5 versions before 5.5.3 - #40 have a TOCTOU race condition in avatar/background image uploads. Attackers can upload malicious PHP files that execute arbitrary code before validation delete...
This vulnerability allows remote code execution in ClipBucket v5 video sharing platform. Attackers can inject malicious PHP code through the 'type' parameter in update_launch.php, enabling them to exe...
This vulnerability in ClipBucket V5 allows unauthenticated attackers to perform directory traversal attacks to change the template directory, leading to denial of service. All ClipBucket V5 installati...
This CVE describes a path traversal vulnerability in ClipBucket V5's avatar upload feature. Attackers can delete arbitrary files on the server by manipulating avatar URLs with directory traversal sequ...
ClipBucket v5's Remote Play feature allows users to create video entries referencing external URLs. Attackers can exploit this by specifying internal network hosts in video URLs, triggering Server-Sid...
ClipBucket v5 has an authorization bypass vulnerability in its AJAX flagging system that allows unauthenticated users to flag any content (users, videos, photos, collections). This affects all ClipBuc...
ClipBucket v5.5.2 has a host header injection vulnerability that allows attackers to manipulate password reset links. When the base_url configuration isn't set, the application uses the client-control...
ClipBucket v5 has a stored XSS vulnerability in the Manage Playlists feature where authenticated low-privileged users can inject malicious JavaScript into playlist names. This code executes in the bro...
ClipBucket v5 versions 5.5.2-#146 and below contain a stored XSS vulnerability in the Manage Photos feature. Authenticated regular users can inject malicious JavaScript into photo titles that executes...
ClipBucket v5 versions 5.5.2-#147 and below contain a stored XSS vulnerability in the Collection tags feature. Authenticated normal users can inject malicious JavaScript into tags, which executes in t...
ClipBucket v5 through build 5.5.2 #145 has stored cross-site scripting (XSS) vulnerabilities in video and photo metadata fields. Authenticated users can inject malicious scripts that execute when any ...
This is a blind SQL injection vulnerability in ClipBucket V5's admin login-as-user functionality. Attackers with admin access can exploit it to extract database information or potentially gain unautho...
This vulnerability in ClipBucket v5.5.2 Build#90 allows remote attackers to execute arbitrary code via the file_downloader.php component by manipulating the file parameter. It affects all systems runn...