Description

An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php channelId parameter, the ajax/commonAjax.php email parameter, and the ajax/commonAjax.php username parameter.

Remediation

References

CVE-2018-7666

Related Vulnerabilities

WordPress Plugin Klaviyo Cross-Site Scripting (3.0.7)

WordPress Plugin Easy Contact Form Builder Cross-Site Scripting (1.0)

Ruby on Rails URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-22881)

Sqlite Incorrect Conversion between Numeric Types Vulnerability (CVE-2019-19317)

PostgreSQL Other Vulnerability (CVE-2004-0547)

Severity

Critical

Classification

CVE-2018-7666 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities