We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the file via a predictable path and trigger remote code execution.
Reserved 2025-07-30 | Published 2025-07-31 | Updated 2025-07-31 | Assigner VulnCheckCWE-434 Unrestricted Upload of File with Dangerous Type
Gabby
raw.githubusercontent.com/...ebapp/clipbucket_upload_exec.rb
packetstorm.news/files/id/123480
github.com/arslancb/clipbucket
clipbucket.com/
www.vulncheck.com/...es/clipbucket-arbitrary-file-upload-rce
Support options