CVE-2012-5849
NONE EPSS 85.2%
Published May 14, 2015 11y ago
Last Modified Jun 16, 2026 2w ago
Description
Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (4) rating, or (5) flag_object action to ajax.php; cid parameter in an (6) add_new_item, (7) remove_collection_item, (8) get_item, or (9) load_more_items action to ajax.php; (10) ci_id parameter in a get_item action to ajax.php; user parameter to (11) user_contacts.php or (12) view_channel.php; (13) pid parameter to view_page.php; (14) tid parameter to view_topic.php; or (15) v parameter to watch_video.php.
Threat Intelligence
EPSS Exploit Probability
85.2% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-89 SQL Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| clip-bucket | clipbucket | * | ≤2.6 |
References 13
- archives.neohapsis.com http://archives.neohapsis.com/archives/bugtraq/2012-12/0056.html
- archives.neohapsis.com http://archives.neohapsis.com/archives/bugtraq/2012-12/0063.html
- forums.clip-bucket.com http://forums.clip-bucket.com/showthread.php?12527-Security-Fix-ClipBucket-2-6-SQL-Injections-fix-%28Updated%29
- osvdb.org http://osvdb.org/88175
- osvdb.org http://osvdb.org/88176
- osvdb.org http://osvdb.org/88177
- osvdb.org http://osvdb.org/88178
- osvdb.org http://osvdb.org/88179
- osvdb.org http://osvdb.org/88180
- sourceforge.net http://sourceforge.net/projects/clipbucket/files/ClipBucket%20v2/
- exploit-db.com http://www.exploit-db.com/exploits/23252
- securityfocus.com http://www.securityfocus.com/bid/56854
- htbridge.com https://www.htbridge.com/advisory/HTB23125
Remediation
- forums.clip-bucket.com http://forums.clip-bucket.com/showthread.php?12527-Security-Fix-ClipBucket-2-6-SQL-Injections-fix-%28Updated%29
- sourceforge.net http://sourceforge.net/projects/clipbucket/files/ClipBucket%20v2/