CVE-2012-5849

NONE EPSS 85.2%
Published May 14, 2015 (11y ago) · Last Modified Jun 16, 2026 (2w ago)

Description

Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (4) rating, or (5) flag_object action to ajax.php; cid parameter in an (6) add_new_item, (7) remove_collection_item, (8) get_item, or (9) load_more_items action to ajax.php; (10) ci_id parameter in a get_item action to ajax.php; user parameter to (11) user_contacts.php or (12) view_channel.php; (13) pid parameter to view_page.php; (14) tid parameter to view_topic.php; or (15) v parameter to watch_video.php.

Threat Intelligence

EPSS Exploit Probability
85.2% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-89 SQL Injection

Affected Products 1

Vendor         Product       Version    Range
clip-bucket    clipbucket    *          ≤2.6

References 13

Remediation

  • forums.clip-bucket.com http://forums.clip-bucket.com/showthread.php?12527-Security-Fix-ClipBucket-2-6-SQL-Injections-fix-%28Updated%29
    Patch
  • sourceforge.net http://sourceforge.net/projects/clipbucket/files/ClipBucket%20v2/
    Patch