Vulnerability Description
An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php channelId parameter, the ajax/commonAjax.php email parameter, and the ajax/commonAjax.php username parameter.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Clip-Bucket | Clipbucket | <= 4.0.0 |
Related Weaknesses (CWE)
References
- http://lists.openwall.net/full-disclosure/2018/02/27/1ExploitThird Party Advisory
- https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitrary-fiExploitThird Party Advisory
- http://lists.openwall.net/full-disclosure/2018/02/27/1ExploitThird Party Advisory
- https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitrary-fiExploitThird Party Advisory
FAQ
What is CVE-2018-7666?
CVE-2018-7666 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php channelId parameter, the ajax/commonAjax.php email parameter, and t...
How severe is CVE-2018-7666?
CVE-2018-7666 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-7666?
Check the references section above for vendor advisories and patch information. Affected products include: Clip-Bucket Clipbucket.