{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T15:16:39.886","vulnerabilities":[{"cve":{"id":"CVE-2025-21624","sourceIdentifier":"security-advisories@github.com","published":"2025-01-07T16:15:40.853","lastModified":"2025-09-05T16:28:26.290","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script file instead of an image file, thus allowing a webshell or other malicious files to be stored and executed on the server. This attack vector exists in both the admin area and low-level user area. This vulnerability is fixed in 5.5.1 - 239."},{"lang":"es","value":"ClipBucket V5 ofrece alojamiento de vídeo de código abierto con PHP. Antes de la versión 5.5.1 - 239, existía una vulnerabilidad de carga de archivos en la función de gestión de listas de reproducción de la aplicación, específicamente relacionada con la carga de imágenes de portada de listas de reproducción. Sin las comprobaciones adecuadas, un atacante puede cargar un archivo de script PHP en lugar de un archivo de imagen, lo que permite almacenar y ejecutar un webshell u otros archivos maliciosos en el servidor. Este vector de ataque existe tanto en el área de administración como en el área de usuario de bajo nivel. Esta vulnerabilidad se solucionó en la versión 5.5.1 - 239."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oxygenz:clipbucket:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.5.1-239","matchCriteriaId":"F73C26AF-6B17-4C66-87F4-5F77B2E5AAD0"}]}]}],"references":[{"url":"https://github.com/MacWarrior/clipbucket-v5/commit/893bfb0f1236c4a59b5e2843ab8d27a1e491b12b","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-98vm-2xqm-xrcc","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-98vm-2xqm-xrcc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}}]}