Vulnerabilities (CVE)

Filtered by vendor Clip-bucket Subscribe

Filtered by product Clipbucket

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-7665	1 Clip-bucket	1 Clipbucket	2018-03-27	10.0 HIGH	9.8 CRITICAL
An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php.
CVE-2018-7666	1 Clip-bucket	1 Clipbucket	2018-03-27	7.5 HIGH	9.8 CRITICAL
An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php channelId parameter, the ajax/commonAjax.php email parameter, and the ajax/commonAjax.php username parameter.
CVE-2018-7664	1 Clip-bucket	1 Clipbucket	2018-03-27	10.0 HIGH	9.8 CRITICAL
An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_downloader.php.