Description

An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php.

Remediation

References

CVE-2018-7665

Related Vulnerabilities

WordPress Plugin WatuPRO Multiple Vulnerabilities (4.8.8.4)

WordPress Plugin Related Posts Cross-Site Scripting (5.12.91)

MongoDb Improper Certificate Validation Vulnerability (CVE-2023-1409)

WordPress Plugin Social Share Icons & Social Share Buttons Cross-Site Scripting (3.0.5)

WordPress Plugin Product Catalog Multiple Vulnerabilities (3.1.2)

Severity

Critical

Classification

CVE-2018-7665 CWE-434 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities