Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (4) rating, or (5) flag_object action to ajax.php; cid parameter in an (6) add_new_item, (7) remove_collection_item, (8) get_item, or (9) load_more_items action to ajax.php; (10) ci_id parameter in a get_item action to ajax.php; user parameter to (11) user_contacts.php or (12) view_channel.php; (13) pid parameter to view_page.php; (14) tid parameter to view_topic.php; or (15) v parameter to watch_video.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ClipBucket SQL注入漏洞
Vulnerability Description
ClipBucket是Arslan团队开发的一套开源的视频共享软件。该软件可将视频分享到视频网站,且在观看影片时支持关灯效果。 ClipBucket 2.6 Revision 738及之前版本中存在SQL注入漏洞,该漏洞源于ajax.php脚本没有充分过滤add_friend操作中的‘uid’参数;ajax.php脚本没有充分过滤share_object、add_to_fav、rating和flag_object操作中的‘id’参数;ajax.php脚本没有充分过滤add_new_item、remove_
CVSS Information
N/A
Vulnerability Type
N/A