Description
An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin 10Web Map Builder for Google Maps Security Bypass (1.0.63)
WordPress Plugin Restaurant Reservations Privilege Escalation (1.3)
WordPress Plugin Import/Export Customizer Settings Cross-Site Request Forgery (1.0.3)
WordPress Plugin External Links-nofollow, noopener & new window Cross-Site Request Forgery (2.57)
WordPress Plugin Responsive WordPress Slider Cross-Site Scripting (2.2.0)