CVE-2026-45060

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #129, the actions/progress video.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can exploit the ids parameter to execute SQL queries and exfiltrate sensitive data. This issue has been patched in version 5.5.3 - #129.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2026-45060

Affected Products

Clipbucket-V5

CVE-2026-45060

Weakness Enumeration

Related Identifiers

Affected Products

References · 2