CVE-2012-6643

Name of the Vulnerable Software and Affected Versions ClipBucket version 2.6

Description The issue concerns SQL injection vulnerabilities in the update counter function, located in includes/functions.php. Remote attackers can exploit this by executing arbitrary SQL commands via the time parameter to API endpoints such as "videos.php" or "channels.php".

Recommendations For ClipBucket version 2.6, consider restricting access to the update counter function in includes/functions.php until a patch is available. As a temporary workaround, avoid using the time parameter in the affected API endpoints "videos.php" and "channels.php" to minimize the risk of exploitation.