PHP Deserialization Vulnerability in ClipBucket Video Hosting Software
CVE-2024-54135
Currently unrated
What is CVE-2024-54135?
ClipBucket V5, an open-source video hosting platform, is susceptible to a PHP Deserialization vulnerability found in the upload/photo_upload.php file, specifically within the decode_key function. This vulnerability arises from the lack of proper input sanitization for user-supplied data via GET and POST parameters. By leveraging this flaw, an attacker can inject a maliciously crafted PHP serialized object, which could exploit gadget chains and lead to unexpected behaviors in the application. The issue affects ClipBucket versions from 2.0 up to 5.5.1 Revision 199, and it has been resolved in Revision 200.
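Added example, not ClipBucket's own code: a hypothetical key decoder that shows request data reaching `unserialize()` beside a hardened form that refuses serialized objects. The function names, the base64 wrapping and the sample field names are assumptions made for illustration; the page's own remedy is upgrading to Revision 200.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout; this is not ClipBucket's decode_key().

// Unsafe pattern of the kind the advisory describes: request data reaches
// unserialize(), so any class the application can load may be instantiated
// and its magic methods (__wakeup, __destruct) run.
function decode_key_unsafe(string $key)
{
    return unserialize(base64_decode($key));
}

// Hardened: never instantiate objects, accept only a flat array of scalars.
function decode_key_safe(string $key): ?array
{
    $raw = base64_decode($key, true);   // strict mode rejects non-base64 input
    if ($raw === false || strlen($raw) > 4096) {
        return null;                    // size cap is an arbitrary example limit
    }
    // allowed_classes => false turns every serialized object into
    // __PHP_Incomplete_Class instead of constructing the named class.
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data)) {
        return null;
    }
    foreach ($data as $value) {
        if ($value !== null && !is_scalar($value)) {
            return null;                // nested arrays and incomplete objects rejected
        }
    }
    return $data;
}

// Constructed sample inputs (not taken from the advisory).
$benign    = base64_encode(serialize(['collection_id' => 12, 'type' => 'photo']));
$topObject = base64_encode(serialize(new ArrayObject([1, 2, 3])));
$nested    = base64_encode(serialize(['type' => new ArrayObject()]));

var_dump(decode_key_safe($benign));     // plain array of scalars
var_dump(decode_key_safe($topObject));  // serialized object at top level
var_dump(decode_key_safe($nested));     // serialized object inside an array
var_dump(decode_key_safe('%%%'));       // not valid base64
```

Where the key only ever carries simple fields, replacing the serialized format with `json_encode()`/`json_decode()` removes object instantiation from the decoding path altogether.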