CVE-2026-45060
CRITICALClipBucket: Blind SQL Injection in progress_video.php
Title source: cnaDescription
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #129, the actions/progress_video.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can exploit the ids parameter to execute SQL queries and exfiltrate sensitive data. This issue has been patched in version 5.5.3 - #129.
References (1)
Core 1
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-wpq3-gxx7-c76h
Scores
CVSS v3
9.8
EPSS
0.0036
EPSS Percentile
28.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
MacWarrior/clipbucket-v5
< 5.5.3 - #129
Published
Jun 11, 2026
Tracked Since
Jun 12, 2026