{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T19:52:26.250","vulnerabilities":[{"cve":{"id":"CVE-2024-54136","sourceIdentifier":"security-advisories@github.com","published":"2024-12-06T16:15:22.500","lastModified":"2025-09-22T17:52:43.220","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/upload.php where the user supplied input via collection get parameter is directly provided to unserialize function. As a result, it is possible for an adversary to inject maliciously crafted PHP serialized object and utilize gadget chains to cause unexpected behaviors of the application. This vulnerability is fixed in 5.5.1 Revision 200."},{"lang":"es","value":"ClipBucket V5 ofrece alojamiento de vídeo de código abierto con PHP. ClipBucket-v5 versión 5.5.1 revisión 199 y anteriores son vulnerables a la vulnerabilidad de deserialización de PHP. La vulnerabilidad existe en upload/upload.php, donde la entrada proporcionada por el usuario a través del parámetro get de la colección se proporciona directamente a la función de deserialización. Como resultado, es posible que un adversario inyecte un objeto serializado PHP creado con fines malintencionados y utilice cadenas de gadgets para provocar comportamientos inesperados en la aplicación. Esta vulnerabilidad se solucionó en 5.5.1 revisión 200."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oxygenz:clipbucket:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.1-141","versionEndExcluding":"5.5.1-200","matchCriteriaId":"AC34DDF7-A466-48B8-8204-72FEC296F4B9"}]}]}],"references":[{"url":"https://github.com/MacWarrior/clipbucket-v5/commit/76a829c088f0813ab3244a3bd0036111017409b0","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-vxvf-5cmq-5f78","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]}]}}]}