Unknown · Clipbucket · CVE-2026-42847
**Name of the Vulnerable Software and Affected Versions**
ClipBucket versions prior to 5.5.3 - #122
**Description**
An SQL Injection (SQLi) issue exists in the authenticated admin endpoint "admin_area/action_logs.php". The endpoint processes the `type` parameter, which is passed to the `fetch_action_logs()` function and concatenated directly into a SQL WHERE condition on `action_type` without parameterization. This allows for UNION-based SQL injection, enabling direct data exfiltration from the database.
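The pattern described above, shown next to a parameterized form, as an added example that is not ClipBucket's code or its actual patch. It assumes PDO with the pdo_sqlite extension in place of ClipBucket's own database layer; the table layout, the sample rows, the function names and the allow-list values are constructed for the demonstration, and only the `action_type` column name comes from the advisory.

```php
<?php
// Added illustration, not ClipBucket source. Schema and rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE action_log (
    action_id INTEGER PRIMARY KEY, action_type TEXT, action_username TEXT)");
$pdo->exec("INSERT INTO action_log (action_type, action_username)
    VALUES ('login', 'alice'), ('signup', 'bob'), ('login', 'carol')");

// Weak form: the request value becomes part of the SQL text, so a quote
// inside it ends the string literal and the rest is parsed as SQL.
function fetch_logs_concat(PDO $pdo, string $type): array
{
    $sql = "SELECT action_id, action_username FROM action_log"
         . " WHERE action_type = '" . $type . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Corrected form: the SQL text is fixed and the value is bound, so it can
// only ever be compared against action_type as data.
function fetch_logs_bound(PDO $pdo, string $type): array
{
    $stmt = $pdo->prepare(
        'SELECT action_id, action_username FROM action_log WHERE action_type = :type'
    );
    $stmt->execute([':type' => $type]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Second layer: reject anything that is not a known action type before the
// query runs. The list is hypothetical; use the types the application logs.
const ALLOWED_TYPES = ['login', 'signup', 'upload_video'];

function is_allowed_type(string $type): bool
{
    return in_array($type, ALLOWED_TYPES, true);
}

// Constructed input containing a quote. It changes the WHERE clause in the
// concatenated query and is an ordinary non-matching string in the bound one.
$probe = "login' OR action_type <> 'login";

printf("concatenated rows: %d\n", count(fetch_logs_concat($pdo, $probe)));
printf("bound rows:        %d\n", count(fetch_logs_bound($pdo, $probe)));
printf("allow-listed:      %s\n", is_allowed_type($probe) ? 'yes' : 'no');
printf("bound, valid type: %d\n", count(fetch_logs_bound($pdo, 'login')));
```

The differing row counts between the first two lines of output are what a regression test for the fix should assert on: the same input must not be able to change how many rows the filter returns.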
**Recommendations**
Update to version 5.5.3 - #122.
As a temporary workaround, restrict access to the "admin_area/action_logs.php" endpoint or avoid using the `type` parameter until the update is applied.