ClipBucket Unauthenticated File Upload Vulnerability Leading to Remote Code Execution

Vulnerability

A vulnerability exists in ClipBucket versions up to and including 5.5.0 that allows unauthenticated users to upload arbitrary files via the plupload endpoint in photo_uploader.php. The issue stems from inadequate access controls on that endpoint, which make it possible to upload PHP files that the web server will then execute, resulting in full server compromise.

Impact

Exploitation of this vulnerability allows for unauthorized file uploads, which can be executed as PHP scripts, leading to remote code execution on the server.

Reproduction

To reproduce this vulnerability, send a multipart POST request to photo_uploader.php in the upload/actions directory. The request must carry a PHP file disguised as an image, for example a web shell saved under a standard image file extension. Once uploaded, the PHP file is reachable through the web server, and if the uploaded payload is a web shell it can be invoked to run commands on the server.

Remediation

Users are advised to update to ClipBucket version 5.5.2 or later, where this vulnerability has been addressed.
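As an added illustration, not ClipBucket's own code and not the fix shipped in 5.5.2, the following Python function shows the three checks an upload handler of this kind needs in order to reject the file class described above: an authenticated session, an image extension allowlist backed by a magic-byte check, and a scan of the body for PHP open tags so that an image-headed file with embedded PHP (a polyglot) is also refused. The function name, the allowlist and the sample inputs are constructed for this example.

```python
import re

# Hypothetical policy for a photo upload endpoint: only raster images,
# and each extension must agree with the file's leading magic bytes.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# PHP open tags: "<?php", the echo tag "<?=", a bare short tag followed by
# whitespace, and the legacy <script language="php"> form.
PHP_MARKERS = re.compile(
    rb"<\?(php\b|=|\s)|<script[^>]+language\s*=\s*['\"]?php",
    re.IGNORECASE,
)


def validate_upload(filename: str, data: bytes, authenticated: bool) -> tuple[bool, str]:
    """Return (accepted, reason) for a candidate upload.

    Every rejection reason is a separate, explicit check so that the
    unauthenticated case (the defect on this page) fails first and on its own.
    """
    if not authenticated:
        return False, "upload requires an authenticated session"
    # Reject multi-dot names such as "x.php.jpg": some server configurations
    # map a handler by any extension in the name, not only the last one.
    if filename.count(".") != 1:
        return False, "filename must have exactly one extension"
    ext = filename.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension '{ext}' not in allowlist"
    if not data.startswith(MAGIC[ext]):
        return False, "content does not match the declared image type"
    if PHP_MARKERS.search(data):
        return False, "embedded PHP code detected"
    return True, "ok"


# Constructed sample inputs (not real uploads):
GOOD_GIF = b"GIF89a" + b"\x01\x00\x01\x00" + b"\x00" * 16
POLYGLOT = b"GIF89a" + b"<?php echo 1; ?>"   # valid image header, PHP body
PLAIN_PHP = b"<?php echo 1; ?>"
```

The stored file should additionally be given a server-generated name and written outside any directory the web server maps to a PHP handler; neither step is shown here.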

Added: Sep 18, 2025, 4:26 PM
Updated: Sep 18, 2025, 9:27 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 10.0
exploitability: 9.7
remediation: 0.0
relevance: 0.5
threat: 6.5
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.