CNNVD-202601-1360 Information

CNNVD ID

CNNVD-202601-1360

Related CVE

CVE-2026-21875

• CNNVD Published: 2026-01-08

Description (Chinese)

ClipBucket是MacWarrior开源的一个开源且可免费下载的 PHP 脚本。用于共享视频网站。 ClipBucket v5 5.5.2-#187及之前版本存在SQL注入漏洞，该漏洞源于对/actions/ajax.php端点中obj_id参数未经验证或清理，可能导致盲SQL注入。

Description (English)

ClipBucket is an open-source, free-of-charge PHP script for MacWarrior. For sharing video sites. ClipBucket v5 5.5.2-#187 and earlier versions have an injection loophole in SQL, which originates from unverified or uncleaned obj id parameters at the /actions/ajax.php endpoint, which may result in blind SQL injections.

Hazard Level

Low

Vulnerability Type

SQL注入

Affected Vendor

MacWarrior

Published

2026-01-08

Last Modified

2026-02-24

References

https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-crpv-fmc4-j392 https://access.redhat.com/security/cve/cve-2026-21875

Patch

https://clipbucket.com/