Description
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/upload.php where the user supplied input via collection get parameter is directly provided to unserialize function. As a result, it is possible for an adversary to inject maliciously crafted PHP serialized object and utilize gadget chains to cause unexpected behaviors of the application. This vulnerability is fixed in 5.5.1 Revision 200.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-vxvf-5cmq-5f78
Scores
CVSS v3
9.8
EPSS
0.0025
EPSS Percentile
48.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-502
Status
published
Products (1)
oxygenz/clipbucket
5.5.1-141 - 5.5.1-200
Published
Dec 06, 2024
Tracked Since
Feb 18, 2026