CVE-2025-21624

Description

ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script file instead of an image file, thus allowing a webshell or other malicious files to be stored and executed on the server. This attack vector exists in both the admin area and low-level user area. This vulnerability is fixed in 5.5.1 - 239.

POC

Reference

- https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-98vm-2xqm-xrcc

Github

- https://github.com/kawing-ho/advisories

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/thexnumb/thexwriteup