CVE-2026-21875

Name of the Vulnerable Software and Affected Versions ClipBucket versions 5.5.2 through 5.5.2-#187

Description ClipBucket v5 is a video sharing platform susceptible to a Blind SQL Injection issue. The flaw exists within the add comment section of a channel. An attacker can exploit this by sending a POST request to the /actions/ajax.php endpoint. The obj id parameter within this request is used in the user exists function of the upload/includes/classes/user.class.php file, specifically as the $id parameter. This $id parameter is then used in the count function of the upload/includes/classes/db.class.php file. The parameter is incorporated into a query without proper validation or sanitization, allowing a crafted input like 1' or 1=1-- - to trigger the injection.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.