CNNVD-202511-2321 Information

CNNVD ID

CNNVD-202511-2321

Related CVE

CVE-2025-62709

• CNNVD Published: 2025-11-20

Description (Chinese)

ClipBucket是MacWarrior开源的一个开源且可免费下载的 PHP 脚本。用于共享视频网站。 ClipBucket v5 5.5.2版本存在授权问题漏洞，该漏洞源于动态构建服务器URL时使用客户端控制的Host头，可能导致账户接管。

Description (English)

ClipBucket is an open-source, free-of-charge PHP script for MacWarrior. For sharing video sites. Version ClipBucket v.5.5.2 has a mandate gap, which stems from the use of a client-controlled host head when the server URL is built dynamically and may lead to the account taking over.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

MacWarrior

Published

2025-11-20

Last Modified

2026-02-24

References

https://github.com/MacWarrior/clipbucket-v5/commit/1a93532e665217b5d329808ca78e37e59e9f8a9d https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-xhhf-mpqr-2cq5

Patch

https://github.com/MacWarrior/clipbucket-v5/releases