Multiple SQL Injection vulnerabilities in ClipBucket
|Vendor:||Arslan and his Team|
|Vulnerable Versions:||2.6 Revision 738 and probably prior|
|Tested Version:||2.6 Revision 738|
|Advisory Publication:||November 7, 2012 [without technical details]|
|Vendor Notification:||November 7, 2012|
|Vendor Fix:||November 28, 2012|
|Public Disclosure:||December 5, 2012|
|Latest Update:||November 29, 2012|
|Vulnerability Type:||SQL Injection [CWE-89]|
|CVSSv2 Base Score:||7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)|
|Solution Status:||Fixed by Vendor|
|Discovered and Provided:||High-Tech Bridge Security Research Lab|
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in ClipBucket, which can be exploited to perform SQL Injection attacks.
|Apply CB SQL Injection Fix 11282012 patch or upgrade to ClipBucket 2.6 r738 with security fixes (clipbucket-2.6-r738-security-fixed-p2).|
| High-Tech Bridge Advisory HTB23125 - https://www.htbridge.com/advisory/HTB23125 - Multiple SQL Injection vulnerabilities in ClipBucket.|
 ClipBucket - http://clip-bucket.com - ClipBucket is free and opensource video sharing script , you can create your own youtube like website in matter of minutes. A complete video sharing solution and social networking website software.
 Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
 Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.