CVE-2024-54136

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-54136
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/upload.php where the user supplied input via collection get parameter is directly provided to unserialize function. As a result, it is possible for an adversary to inject maliciously crafted PHP serialized object and utilize gadget chains to cause unexpected behaviors of the application. This vulnerability is fixed in 5.5.1 Revision 200.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/MacWarrior/clipbucket-v5/commit/76a829c088f0813ab3244a3bd0036111017409b0 Patch
https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-vxvf-5cmq-5f78 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:oxygenz:clipbucket:*:*:*:*:*:*:*:*
History

22 Sep 2025, 17:52

Type Values Removed Values Added
Summary
  • (es) ClipBucket V5 ofrece alojamiento de vídeo de código abierto con PHP. ClipBucket-v5 versión 5.5.1 revisión 199 y anteriores son vulnerables a la vulnerabilidad de deserialización de PHP. La vulnerabilidad existe en upload/upload.php, donde la entrada proporcionada por el usuario a través del parámetro get de la colección se proporciona directamente a la función de deserialización. Como resultado, es posible que un adversario inyecte un objeto serializado PHP creado con fines malintencionados y utilice cadenas de gadgets para provocar comportamientos inesperados en la aplicación. Esta vulnerabilidad se solucionó en 5.5.1 revisión 200.
CPE cpe:2.3:a:oxygenz:clipbucket:*:*:*:*:*:*:*:*
First Time Oxygenz
Oxygenz clipbucket
References () https://github.com/MacWarrior/clipbucket-v5/commit/76a829c088f0813ab3244a3bd0036111017409b0 - () https://github.com/MacWarrior/clipbucket-v5/commit/76a829c088f0813ab3244a3bd0036111017409b0 - Patch
References () https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-vxvf-5cmq-5f78 - () https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-vxvf-5cmq-5f78 - Exploit, Third Party Advisory

06 Dec 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-06 16:15

Updated : 2025-09-22 17:52

NVD link : CVE-2024-54136

Mitre link : CVE-2024-54136

CVE.ORG link : CVE-2024-54136

JSON object : View

Products Affected

oxygenz

  • clipbucket
CWE
CWE-502

Deserialization of Untrusted Data