Max CVSS | 10.0 | Min CVSS | 7.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-7666 | 7.5 |
An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php channelId parameter, the ajax/commonAjax.php email parameter, and the ajax/commonAjax.php username parameter.
|
27-03-2018 - 14:49 | 05-03-2018 - 07:29 | |
CVE-2018-7665 | 10.0 |
An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php.
|
27-03-2018 - 14:49 | 05-03-2018 - 07:29 | |
CVE-2018-7664 | 10.0 |
An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_downloader.php.
|
27-03-2018 - 14:48 | 05-03-2018 - 07:29 |