CNNVD-202602-2074 Information
CNNVD ID
CNNVD-202602-2074
Related CVE
- CNNVD Published: 2026-02-12
Description (Chinese)
ClipBucket是MacWarrior开源的一个开源且可免费下载的 PHP 脚本。用于共享视频网站。 ClipBucket v5 5.5.3之前版本存在代码问题漏洞,该漏洞源于远程播放功能允许创建引用外部视频URL的视频条目,通过指定内部网络主机可能触发SSRF,导致向内部服务器发送GET请求。
Description (English)
ClipBucket is an open-source, free-of-charge PHP script for MacWarrior. For sharing video sites. The pre-ClipBucket v5 5.5.3 version has a code problem loophole, which stems from the remote play function that allows the creation of video entries referencing external video URLs, and may trigger SSR by specifying an internal network host, leading to the sending of GET requests to an internal server.
Vulnerability Type
代码问题
Affected Vendor
MacWarrior
Published
2026-02-12
Last Modified
2026-02-24
References
https://github.com/MacWarrior/clipbucket-v5/commit/a9e0f2322fb37501dfd4f44079fc7826a132503a https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-69xj-2pq3-5r4v
Patch
https://github.com/MacWarrior/clipbucket-v5/releases
Share on: