ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The obj_id parameter within the POST request to /actions/ajax.php is then used within the user_exists function of the upload/includes/classes/user.class. php file as the $id parameter. It is then used within the count function of the upload/includes/classes/db.class. php file. The $id parameter is concatenated into the query without validation or sanitization, and a user-supplied input like 1' or 1=1-- - can be used to trigger the injection. This issue does not have a fix at the time of publication.
When adding a comment to a channel, the application sends a POST request to the /actions/ajax.php endpoint. The obj_id parameter from this request is passed directly to the user_exists function in the upload/includes/classes/user.class.php file as the $id variable, and then to the count function in the upload/includes/classes/db.class.php file. The $id parameter is concatenated directly into the SQL query without any input validation or sanitization. An attacker can provide a payload like '1' or 1=1-- -', which triggers blind SQL injection, allowing data to be read from the database by analyzing application behavior.
An unauthenticated remote attacker can gain unauthorized access to database contents, including user data, passwords and other sensitive information, and potentially also modify or delete application data.
At the time of publication, the vulnerability had no available patch. You should monitor the project repository at https://github.com/MacWarrior/clipbucket-v5 and apply the patch immediately upon release. Until a patch is released, it is recommended to restrict access to the /actions/ajax.php endpoint (e.g., through a WAF application firewall) and consider temporarily disabling the channel commenting feature.
ClipBucket v5 in versions 5.5.2-#187 and lower (open source video sharing platform).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOxygenz Clipbucket
APPOxygenz5.3 – 5.5.2-191 (bez)
Related vulnerabilities
TOCTOU Race Condition w ClipBucket umożliwia wykonanie kodu PHP
ClipBucket 5.5.2 — hardcoded domyślne dane logowania w panelu admina
ClipBucket V5 — nieograniczony upload plików PHP przez funkcję playlist
PHP Deserialization w ClipBucket V5 — zdalne wykonanie kodu
PHP Deserialization w ClipBucket V5 umożliwia zdalne wykonanie kodu