ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script file instead of an image file, thus allowing a webshell or other malicious files to be stored and executed on the server. This attack vector exists in both the admin area and low-level user area. This vulnerability is fixed in 5.5.1 - 239.
The playlist management functionality in ClipBucket V5 allows uploading cover images, however the application does not properly verify the type of uploaded file. An attacker can upload a file with a PHP script extension or content instead of a graphics file. After the file is saved on the server, it can be directly invoked through a web browser, resulting in code execution on the server side (webshell). The attack vector is accessible both from the administrative panel and from a regular user account.
An attacker can gain full control of the server by uploading and executing a webshell or other malicious code, threatening the confidentiality, integrity, and availability of the entire system.
ClipBucket V5 should be updated to version 5.5.1 - 239 or newer, in which the vulnerability has been patched. The patch is available in the vendor's GitHub repository (commit 893bfb0f1236c4a59b5e2843ab8d27a1e491b12b).
ClipBucket V5 in versions prior to 5.5.1 - 239
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOxygenz Clipbucket
APPOxygenz5.3 – 5.5.1-239 (bez)
Related vulnerabilities
TOCTOU Race Condition w ClipBucket umożliwia wykonanie kodu PHP
Blind SQL Injection w ClipBucket v5 — sekcja komentarzy kanału
ClipBucket 5.5.2 — hardcoded domyślne dane logowania w panelu admina
PHP Deserialization w ClipBucket V5 — zdalne wykonanie kodu
PHP Deserialization w ClipBucket V5 umożliwia zdalne wykonanie kodu