CVE-2012-5849

Clip-bucket Clipbucket < 2.6 - SQL Injection

Title source: rule
STIX 2.1

Description

Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (4) rating, or (5) flag_object action to ajax.php; cid parameter in an (6) add_new_item, (7) remove_collection_item, (8) get_item, or (9) load_more_items action to ajax.php; (10) ci_id parameter in a get_item action to ajax.php; user parameter to (11) user_contacts.php or (12) view_channel.php; (13) pid parameter to view_page.php; (14) tid parameter to view_topic.php; or (15) v parameter to watch_video.php.

Exploits (1)

exploitdb WORKING POC
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/23252

References (13)

Core 13
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/23252
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/88175
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/88177
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/56854
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/88179
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/88180
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-12/0063.html
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-12/0056.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/88178
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/88176

Scores

EPSS 0.0648
EPSS Percentile 91.1%

Details

CWE
CWE-89
Status published
Products (1)
clip-bucket/clipbucket < 2.6
Published May 14, 2015
Tracked Since Feb 18, 2026