CVE-2018-7665
NONE EPSS 96.6%
Published Mar 5, 20188y ago · Modified Jun 17, 20262w ago
Published Mar 5, 2018 8y ago
Last Modified Jun 17, 2026 2w ago
Description
An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php.
Threat Intelligence
EPSS Exploit Probability
96.6% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-434 Unrestricted Upload of File with Dangerous Type Resource Mgmt
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| clip-bucket | clipbucket | * | ≤4.0.0 |
References 2
- lists.openwall.net http://lists.openwall.net/full-disclosure/2018/02/27/1
- sec-consult.com https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitrary-file-upload-sql-injection-in-clipbucket/index.html
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.