CVE-2024-54136

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 6, 2024
CWE ID 502

Summary

CVE-2024-54136 is a PHP deserialization vulnerability affecting ClipBucket V5, an open-source video hosting solution. Versions 5.5.1 Revision 199 and below are susceptible to this issue. The vulnerability lies in the upload/upload.php file, where user-supplied input from the collection GET parameter is passed directly to the unserialize() function. Adversaries can exploit this flaw by injecting maliciously crafted PHP serialized objects and leveraging gadget chains to cause unintended application behavior. This vulnerability was addressed in 5.5.1 Revision 200.
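
The pattern described above next to one hardened way of decoding such a parameter, as an added example: this is not ClipBucket's source and not the Revision 200 fix. The function name decode_collection_param, the size limit and the flat-array shape are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern from the summary (illustrative, not ClipBucket's code):
//   $collection = unserialize($_GET['collection']);
// Any class the application can load may be instantiated from the request,
// so its magic methods (__wakeup, __destruct, ...) run on attacker-chosen state.

/**
 * Hypothetical hardened decoder: never instantiates objects and accepts
 * only a flat array of scalars. Returns null for anything else.
 * The PHP manual still advises against unserialize() on untrusted input;
 * switching the parameter to JSON (json_decode) is the more robust fix.
 */
function decode_collection_param(mixed $raw): ?array
{
    // Assumed limit: reject non-strings and oversized input before parsing.
    if (!is_string($raw) || $raw === '' || strlen($raw) > 4096) {
        return null;
    }
    // allowed_classes => false maps every serialized object to
    // __PHP_Incomplete_Class, so no application class is constructed.
    $value = @unserialize($raw, ['allowed_classes' => false, 'max_depth' => 2]);
    if (!is_array($value)) {
        return null; // malformed input, scalars and top-level objects
    }
    foreach ($value as $item) {
        if ($item !== null && !is_scalar($item)) {
            return null; // nested arrays and any embedded object
        }
    }
    return $value;
}

// Constructed sample inputs, built with serialize() for the demonstration.
$samples = [
    'flat array'      => serialize(['id' => 7, 'name' => 'demo']),
    'top-level object' => serialize(new stdClass()),
    'embedded object' => serialize(['id' => 7, 'obj' => new stdClass()]),
    'not serialized'  => 'collection=7',
];
foreach ($samples as $label => $raw) {
    $result = decode_collection_param($raw);
    printf("%-17s %s\n", $label, $result === null ? 'rejected' : 'accepted');
}
```

Only the flat array is accepted; both object-bearing inputs and the malformed string are rejected without any class being instantiated.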
