CVE-2024-54136
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Dec 6, 2024
CWE ID 502
Summary
CVE-2024-54136 is a PHP deserialization vulnerability affecting ClipBucket V5, an open-source video hosting solution. Versions 5.5.1 Revision 199 and below are susceptible to this issue. The vulnerability lies in the upload/upload.php file, where user-supplied input from the collection GET parameter is passed directly to PHP's unserialize() function. Adversaries can exploit this flaw by injecting maliciously crafted PHP serialized objects and leveraging gadget chains to cause unintended application behavior. This vulnerability was addressed in 5.5.1 Revision 200.
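For hosts that cannot be upgraded to Revision 200 immediately, web access logs can be reviewed for serialized PHP objects arriving in the collection parameter. The following is an added detection sketch, not code from the advisory or from ClipBucket; it assumes combined-format access logs with the query string recorded, and the sample log lines, client addresses and the class name ExampleClass are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# PHP serialize() object tokens: O:<len>:"<Class>":<n>:{ and C:<len>:"<Class>":<n>:{
# They appear at the start of the value or nested after ';' or '{'.
PHP_OBJECT = re.compile(r'(?:^|[;{])[OC]:\d+:"([^"]+)":\d+:\{')
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding; bounded so crafted input cannot loop forever."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return (client, [class names]) for requests to upload/upload.php whose
    `collection` parameter carries a serialized PHP object."""
    findings = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/upload/upload.php"):
            continue
        classes = []
        # parse_qs performs the first round of URL-decoding.
        for raw in parse_qs(url.query, keep_blank_values=True).get("collection", []):
            classes += PHP_OBJECT.findall(fully_decode(raw))
        if classes:
            findings.append((client, classes))
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Dec/2024:10:00:00 +0000] "GET /upload/upload.php?collection=O%3A12%3A%22ExampleClass%22%3A0%3A%7B%7D HTTP/1.1" 200 512',
    '203.0.113.9 - - [06/Dec/2024:10:00:05 +0000] "GET /upload/upload.php?collection=a%253A1%253A%257Bi%253A0%253BO%253A12%253A%2522ExampleClass%2522%253A0%253A%257B%257D%257D HTTP/1.1" 200 512',
    '198.51.100.4 - - [06/Dec/2024:10:00:09 +0000] "GET /upload/upload.php?collection=42 HTTP/1.1" 200 512',
    '198.51.100.5 - - [06/Dec/2024:10:00:12 +0000] "GET /watch.php?collection=O%3A12%3A%22ExampleClass%22%3A0%3A%7B%7D HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for client, classes in scan(SAMPLE_LOG):
        print(f"{client}: serialized object(s) in collection parameter: {classes}")
```

A hit shows that a serialized object was submitted, not that a gadget chain ran; treat it as a lead for further review of that host and client.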
Affected Products
- ClipBucket V5