PHP Deserialization Vulnerability in ClipBucket Video Hosting Software
CVE-2024-54135

Currently unrated

Key Information:

Vendor: ClipBucket
CVE Published: 6 December 2024

What is CVE-2024-54135?

ClipBucket V5, an open-source video hosting platform, is susceptible to a PHP deserialization vulnerability in the upload/photo_upload.php file, specifically within the decode_key function. The vulnerability arises from the lack of proper input sanitization for user-supplied data passed via GET and POST parameters. By leveraging this flaw, an attacker can inject a maliciously crafted PHP serialized object that could trigger gadget chains and lead to unexpected behaviors in the application. The issue affects ClipBucket versions from 2.0 up to 5.5.1 Revision 199 and has been resolved in Revision 200.
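One way to check requests to the affected script for serialized PHP objects in parameters, as an added example that is not ClipBucket's code or part of the original advisory. The parameter names (k, collection, title) and sample requests are constructed, and the base64 handling is an assumption, since the page does not say how decode_key decodes its input; the same check applies to POST form fields.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlsplit

# serialize() writes an object as O:<name length>:"<class>":<property count>:{
# (C: for Serializable classes). Arrays and scalars start with a:, s:, i: and
# are not flagged. The optional "+" tolerates a signed length.
PHP_OBJECT = re.compile(r'(?:^|[;{])[OC]:\+?\d+:"[^"]*":\d+:\{')


def _views(value):
    """Yield the value as sent, plus its base64 decoding when it has one."""
    yield value
    padded = value.replace("-", "+").replace("_", "/")  # URL-safe alphabet
    padded += "=" * (-len(padded) % 4)
    try:
        yield base64.b64decode(padded, validate=True).decode("latin-1")
    except (binascii.Error, ValueError):
        return


def serialized_object_params(url):
    """Return names of query parameters whose value carries a serialized object."""
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if any(PHP_OBJECT.search(view) for view in _views(value)):
            hits.append(name)
    return hits


# Constructed sample requests (not from a real log); parameter names are made up.
SAMPLES = [
    "/upload/photo_upload.php?collection=12&title=holiday",
    # serialized array of scalars: a:1:{s:2:"id";i:7;}
    "/upload/photo_upload.php?k=a%3A1%3A%7Bs%3A2%3A%22id%22%3Bi%3A7%3B%7D",
    # bare serialized object: O:8:"stdClass":0:{}
    "/upload/photo_upload.php?k=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D",
    # object nested in an array, base64-encoded
    "/upload/photo_upload.php?k="
    + base64.b64encode(b'a:1:{i:0;O:8:"stdClass":0:{}}').decode(),
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(serialized_object_params(url) or "clean", url)
```

A hit means a parameter contains an object marker, not that exploitation succeeded; installations on Revision 199 or earlier remain exposed until upgraded to Revision 200.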

Timeline

  • Vulnerability published