Kawing-Ho

**Name of the Vulnerable Software and Affected Versions** ClipBucket V5 versions prior to 5.5.1 - 237 **Description** The issue arises during the user avatar upload workflow, where a user can upload and change their avatar at any time. During deletion, ClipBucket checks if the `avatar url` is a filepath within the `avatars` subdirectory. If the URL path exists within the `avatars` directory, ClipBucket will delete it. However, there is no check for path traversal sequences in the provided user input, stored in the database as `avatar url`. This allows the final `$file` variable to be tainted with path traversal sequences, leading to file deletion outside of the intended scope of the `avatars` folder. **Recommendations** For ClipBucket V5 versions prior to 5.5.1 - 237, update to version 5.5.1 - 237 to resolve the issue. As a temporary workaround, consider restricting access to the avatar upload functionality to minimize the risk of exploitation. Additionally, avoid using user-provided input for file deletion operations until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ClipBucket V5 versions prior to 5.5.1 - 238 **Description** The issue allows unauthenticated attackers to change the template directory via a directory traversal, resulting in a denial of service. ClipBucket V5 provides open source video hosting with PHP. **Recommendations** For versions prior to 5.5.1 - 238, update to version 5.5.1 - 238 or later to resolve the issue. As a temporary workaround, consider restricting access to the template directory to prevent unauthorized changes.

**Name of the Vulnerable Software and Affected Versions** ClipBucket V5 versions prior to 5.5.1 - 239 **Description** A file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script file instead of an image file, thus allowing a webshell or other malicious files to be stored and executed on the server. This attack vector exists in both the admin area and low-level user area. **Recommendations** Update to version 5.5.1 - 239 to fix the vulnerability. As a temporary workaround, consider disabling the file upload functionality in the Manage Playlist section until the update is applied. Restrict access to the server to minimize the risk of exploitation. Avoid using the file upload feature for playlist cover images until the issue is resolved.