Description

An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php.

Remediation

References

CVE-2018-7665

Related Vulnerabilities

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-3378)

WordPress Plugin Shield Security-Smart Bot Blocking & Intrusion Prevention Security Cross-Site Scripting (13.0.5)

WordPress Plugin Theme Demo Import Arbitrary File Upload (1.1.0)

WordPress Plugin Simple Events Calendar SQL Injection (1.3.5)

YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4208)

Severity

Critical

Classification

CVE-2018-7665 CWE-434 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities