PHP Deserialization Vulnerability in ClipBucket Video Hosting Software
CVE-2024-54136
Currently unrated
What is CVE-2024-54136?
ClipBucket V5, an open-source video hosting application, is affected by a PHP deserialization vulnerability in version 5.5.1 Revision 199 and earlier. The flaw is in the upload/upload.php file, where user input from the 'collection' GET parameter is passed directly to the unserialize() function. An attacker can inject maliciously crafted PHP serialized objects, potentially causing unexpected behavior in the application through the execution of gadget chains. The issue is fixed in version 5.5.1 Revision 200.
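
The unsafe pattern described above is shown here beside a hardened form. This is an added illustration, not ClipBucket's code or its Revision 200 patch. The function names, the DemoLogger class and the assumption that 'collection' only needs to carry a flat array of scalar values are hypothetical.

```php
<?php
// Added illustration, not ClipBucket source and not the Revision 200 patch.
// Assumption: 'collection' only needs to carry a flat array of scalar values.

// Constructed stand-in for any application class that has a magic method.
class DemoLogger
{
    public function __wakeup()
    {
        echo "DemoLogger::__wakeup() ran inside unserialize()\n";
    }
}

// The pattern the advisory describes: request data handed straight to
// unserialize(), which instantiates whatever class the string names.
function decode_collection_unsafe(string $raw)
{
    return unserialize($raw);
}

// Hardened: no class may be instantiated, and the decoded shape is validated.
function decode_collection_safe(string $raw): ?array
{
    $value = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($value)) {
        return null; // malformed input, a scalar, or a blocked object
    }
    foreach ($value as $item) {
        if (!is_scalar($item)) {
            return null; // nested arrays and blocked objects are refused
        }
    }
    return $value;
}

// Constructed sample inputs (built locally, no request involved).
$expected = serialize(['id' => 7, 'name' => 'demo']);
$object   = serialize(new DemoLogger());

decode_collection_unsafe($object);
var_dump(decode_collection_safe($expected));
var_dump(decode_collection_safe($object));
```

Where the data format can be changed, json_decode() avoids PHP object instantiation altogether and is the simpler choice for request parameters.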