QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-42847

Back to search

CVE-2026-42847

Published: May 14, 2026

Modified: May 16, 2026

PUBLISHED

Description

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #122, there is a critical SQL Injection (SQLi) vulnerability in ClipBucket, exploitable through the type parameter on the authenticated admin endpoint admin_area/action_logs.php. The endpoint admin_area/action_logs.php reads $_GET['type'], stores it in $result_array['type'], and forwards it into fetch_action_logs(), where the value is concatenated directly into a SQL WHERE condition on action_type without parameterization. This allows UNION-based SQL injection and direct data exfiltration from the database. This vulnerability is fixed in 5.5.3 - #122.

VendorProductVersions

MacWarrior

clipbucket-v5

affected
< 5.5.3 - #122

Weaknesses (CWE)

CWE-89

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now