CNNVD-202509-2868 Information

CNNVD ID

CNNVD-202509-2868

Related CVE

CVE-2025-55912

• CNNVD Published: 2025-09-18

Description (Chinese)

ClipBucket是MacWarrior开源的一个开源且可免费下载的 PHP 脚本。用于共享视频网站。 ClipBucket 5.5.0及之前版本存在安全漏洞，该漏洞源于上传处理程序缺少访问控制，可能导致未经验证的攻击者上传任意文件。

Description (English)

ClipBucket is an open-source, free-of-charge PHP script for MacWarrior. For sharing video sites. ClipBucket 5.5.0 and previous versions had a security loophole, which stemmed from the lack of access control over the uploading process and could lead to unverified attackers uploading random documents.

Hazard Level

High

Vulnerability Type

权限许可和访问控制问题

Affected Vendor

Maggioli SpA

Published

2025-09-18

Last Modified

2026-02-24

References

https://github.com/MacWarrior/clipbucket-v5/releases?page=2 https://github.com/MacWarrior/clipbucket-v5/tree/5.5.0 https://github.com/MacWarrior/clipbucket-v5/blob/5.5.0/upload/actions/photo_uploader.php https://medium.com/@mukund.s1337/cve-2025-55912-clipbucket-5-5-0-unauthenticated-arbitrary-file-upload-rce-720c0c0fbc58 https://www.exploit-db.com/exploits/52435 https://cxsecurity.com/issue/WLB-2026020012

Patch

https://github.com/MacWarrior/clipbucket-v5/releases