VYPR

Clipbucket

by Clip Bucket

CVEs (45)

  • CVE-2018-7665 | Critical | Mar 5, 2018
    risk 0.68 | cvss 9.8 | epss 0.16

    An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php.

  • CVE-2026-45060 | Critical | Jun 11, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #129, the actions/progress_video.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can exploit the ids parameter to execute SQL queries and exfiltrate sensitive data. This…

  • CVE-2026-42846 | Critical | Jun 11, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is…

  • CVE-2018-7666 | Critical | Mar 5, 2018
    risk 0.64 | cvss 9.8 | epss 0.01

    An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php channelId parameter, the ajax/commonAjax.php email parameter, and the ajax/commonAjax.php username parameter.

  • CVE-2018-7664 | Critical | Mar 5, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_downloader.php.

  • CVE-2026-45418 | High | Jun 11, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #132, any authenticated user who can upload videos can add multiple subtitles from different files and change their title (English, Spanish...). The POST /actions/subtitle_edit.php request used to…

  • CVE-2026-37470 | High | May 22, 2026
    risk 0.47 | cvss 7.3 | epss 0.00

    An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components.

  • CVE-2026-42847 | High | May 14, 2026
    risk 0.46 | cvss | epss 0.00

    ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #122, there is a critical SQL Injection (SQLi) vulnerability in ClipBucket, exploitable through the type parameter on the authenticated admin endpoint admin_area/action_logs.php. The endpoint…

  • CVE-2026-47238 | Medium | Jun 11, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #133, a normal authenticated user can edit another user's video subtitles because of a lack of authorization. They can upload subtitles, edit their name or delete them. This issue has been patched…

  • CVE-2016-1000307 | Medium | Apr 6, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occupation, companies, hobbies, fav_movies, fav_music, fav_books parameters to…

  • CVE-2016-4848 | Medium | Sep 2, 2016
    risk 0.40 | cvss 6.1 | epss 0.02

    Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-4673 | Medium | Apr 6, 2017
    risk 0.35 | cvss 5.4 | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to upload/manage_collections.php in an add_new action or the (2) photo_description, (3)…

  • CVE-2026-49482 | Medium | Jun 12, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user can send a % character as the number parameter to overwrite…

  • CVE-2013-10040 | Jul 31, 2025
    risk 0.09 | cvss | epss 0.02

    ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker…

  • CVE-2025-55912 | Sep 18, 2025
    risk 0.04 | cvss | epss 0.01

    An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker to exploit the plupload endpoint in photo_uploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler.

  • CVE-2025-55911 | Sep 18, 2025
    risk 0.03 | cvss | epss 0.01

    An issue in Clip Bucket v.5.5.2 Build#90 allows a remote attacker to execute arbitrary code via file_downloader.php and the file parameter.

  • CVE-2012-5849 | May 14, 2015
    risk 0.03 | cvss | epss 0.03

    Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (4) rating, or (5)…

  • CVE-2015-2102 | Feb 27, 2015
    risk 0.03 | cvss | epss 0.02

    SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter.

  • CVE-2012-6644 | Apr 8, 2014
    risk 0.03 | cvss | epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6)…

  • CVE-2012-6643 | Apr 8, 2014
    risk 0.03 | cvss | epss 0.02

    Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of these details are obtained from…

Page 1 of 3