CVE-2025-55912

High CVSS: 7.3

An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in photo_uploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler

Vendor

Oxygenz

Product

Clipbucket

CWE

CWE-434

Yayın Tarihi

2025-09-18 16:15:51

Güncelleme

2025-10-31 17:14:53

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-434 Clipbucket HIGH Oxygenz 2025

Referanslar

https://github.com/MacWarrior/clipbucket-v5/blob/5.5.0/upload/actions/photo_uploader.php https://github.com/MacWarrior/clipbucket-v5/releases?page=2 https://github.com/MacWarrior/clipbucket-v5/tree/5.5.0 https://medium.com/@mukund.s1337/cve-2025-55912-clipbucket-5-5-0-unauthenticated-arbitrary-file-upload-rce-720c0c0fbc58

Benzer Kayıtlar

High

CVE-2026-32321

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability ex…

Medium

CVE-2026-28354

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are vulne…

Low

CVE-2026-26997

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can stor…

Medium

CVE-2026-26005

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #45, in Clip Bucket V5, The Remote Play allows…

Critical

CVE-2026-25728

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #40, a Time-of-Check to Time-of-Use (TOCTOU) ra…

Critical

CVE-2026-21875

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#187 and below allow an attacker to perform Blind…