CNNVD-202510-2474 Information

CNNVD ID

CNNVD-202510-2474

Related CVE

CVE-2025-62424

• CNNVD Published: 2025-10-17

Description (Chinese)

ClipBucket是MacWarrior开源的一个开源且可免费下载的 PHP 脚本。用于共享视频网站。 ClipBucket 5.5.2 - #146版本存在路径遍历漏洞，该漏洞源于对文件加载路径验证不足，可能导致路径遍历攻击。

Description (English)

ClipBucket is an open-source, free-of-charge PHP script for MacWarrior. For sharing video sites. ClipBucket 5.5.2 - #146 has a loophole in the path, which results from inadequate verification of the file load path, which may lead to a path attack.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

MacWarrior

Published

2025-10-17

Last Modified

2026-02-24

References

https://github.com/MacWarrior/clipbucket-v5/commit/c06d0f2e69c9acb008cebbd34fd5f29da3191a28 https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-3v2p-rfwx-52qj https://access.redhat.com/security/cve/cve-2025-62424

Patch

https://github.com/MacWarrior/clipbucket-v5/releases