CVE-2018-7665

Name of the Vulnerable Software and Affected Versions: ClipBucket versions prior to 4.0.0 Release 4902

Description: The issue allows a remote attacker to upload malicious files to the server using the name parameter in the /actions/beats uploader.php or /actions/photo uploader.php API endpoints, or the coverPhoto parameter in the edit account.php endpoint.

Recommendations: For ClipBucket versions prior to 4.0.0 Release 4902, update to version 4.0.0 Release 4902 or later to resolve the issue. As a temporary workaround, consider restricting access to the beats uploader.php, photo uploader.php, and edit account.php scripts to minimize the risk of exploitation. Avoid using the name and coverPhoto parameters in the affected API endpoints until the issue is resolved.