Clip-bucket Clipbucket — known CVE vulnerabilities
Every CVE whose affected-product data names Clip-bucket Clipbucket, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2018-7665 — CVSS 9.8 (critical): An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to…
CVE-2013-10040 — CVSS 9.8 (critical): ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-li…
CVE-2018-7664 — CVSS 9.8 (critical): An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name…
CVE-2018-7666 — CVSS 9.8 (critical): An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php…
CVE-2015-2102 — CVSS 7.5 (high): SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL…
CVE-2012-5849 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands…
CVE-2012-6643 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to…
CVE-2016-4848 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2016-1000307 — CVSS 6.1 (medium): Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web…
CVE-2015-4673 — CVSS 5.4 (medium): Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script…
CVE-2011-3717 — CVSS 5.0 (medium): ClipBucket 2.0.9 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the…
CVE-2012-6642 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in ClipBucket 2.6 allows remote attackers to inject arbitrary web script or HTML via the type…
CVE-2014-4187 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in signup.php in ClipBucket allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2012-6644 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the…