ClipBucket Arbitrary PHP Code Execution Vulnerability Allowing Remote Code Execution

Vulnerability

ClipBucket 5 releases before 5.5.2 #147 allow arbitrary PHP code execution, which amounts to remote code execution (RCE). The flaw is in 'upload/admin_area/actions/update_launch.php': the value of the 'type' POST parameter is passed into code that the server executes as PHP without being validated, so an attacker who can reach this action can supply PHP of their choosing and have the server run it.
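The pattern below is an added illustration, not ClipBucket's code: the advisory does not say which construct executes the parameter, so the unsafe version assumes the common shape of this bug class (request input concatenated into source that is passed to eval), and the hardened version shows the fix a practitioner would apply: resolve 'type' through a fixed allowlist of handlers and refuse anything else. Function names, the action table and the handler bodies are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Added example, not ClipBucket's code. The handlers below stand in for the
// real update steps; what each one does is an assumption for the example.
function update_launch_db(): string    { return 'database schema updated'; }
function update_launch_files(): string { return 'file layout updated'; }

// UNSAFE (assumed shape of the bug): the request-controlled value is spliced
// into PHP source and evaluated. Any value that is not a bare function name
// lets the caller run arbitrary PHP under the web server user.
function run_update_step_unsafe(array $post): string
{
    $type = (string)($post['type'] ?? '');
    return (string)eval('return update_launch_' . $type . '();');
}

// HARDENED: 'type' is only ever used as a key into a fixed allowlist. The
// request value never reaches eval, include, or a string that becomes code.
const UPDATE_ACTIONS = [
    'db'    => 'update_launch_db',
    'files' => 'update_launch_files',
];

function run_update_step(array $post): string
{
    $type = $post['type'] ?? null;
    if (!is_string($type) || !array_key_exists($type, UPDATE_ACTIONS)) {
        http_response_code(400);
        return 'invalid type';
    }
    $handler = UPDATE_ACTIONS[$type];
    return $handler();
}

// Constructed requests standing in for $_POST (not captured traffic):
echo run_update_step(['type' => 'db']), PHP_EOL;            // database schema updated
echo run_update_step(['type' => 'files']), PHP_EOL;         // file layout updated
echo run_update_step(['type' => 'db(); phpinfo'])  , PHP_EOL; // invalid type
echo run_update_step([]), PHP_EOL;                            // invalid type
```

The allowlist lookup uses `array_key_exists` with a strict `is_string` check rather than a regular expression on the value: the safe set of actions is small and known, so enumerating it is both simpler and easier to audit than trying to describe which characters are dangerous inside code.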

Impact

Anyone holding a valid administrator session can execute arbitrary PHP on the server. The injected code runs with the privileges of the web server user, so the attacker gains everything that account can read, write and execute on the host.

Reproduction

With an active administrator session, send a POST request to 'upload/admin_area/actions/update_launch.php' whose 'type' parameter carries PHP code; the server executes it, giving arbitrary PHP code execution. A tool such as cURL is sufficient, provided the request includes the PHPSESSID cookie of the administrator session.

Remediation

Upgrade to ClipBucket 5.5.2 #147 or later. Because exploitation requires an administrator session, it is also worth auditing administrator accounts and reviewing web server logs for POST requests to 'upload/admin_area/actions/update_launch.php' that were not part of a legitimate update.

Added: Oct 20, 2025, 5:18 PM
Updated: Oct 20, 2025, 7:18 PM

Vulnerability Rating

Custom Algorithm
spread          3.4
impact         10.0
exploitability  6.3
remediation     7.7
relevance       0.8
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.