Clip-bucket » Clipbucket : Security Vulnerabilities, CVEs, CVSS score >= 8

CVE-2018-7666

An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php channelId parameter, the ajax/commonAjax.php email parameter, and the ajax/commonAjax.php username parameter.
Max CVSS
9.8
EPSS Score
0.47%
Published
2018-03-05
Updated
2018-03-27

CVE-2018-7665

Public exploit
An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php.
Max CVSS
10.0
EPSS Score
96.31%
Published
2018-03-05
Updated
2018-03-27

CVE-2018-7664

An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_downloader.php.
Max CVSS
10.0
EPSS Score
11.96%
Published
2018-03-05
Updated
2018-03-27
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close