ClipBucket Custom Fields Plugin SQL Injection Vulnerability for Administrators

Vulnerability

A SQL injection vulnerability has been identified in the ClipBucket video sharing platform, in version 5.5.2 - #151 and earlier. It allows authenticated administrators with plugin management privileges to execute arbitrary SQL commands against the database through the ClipBucket Custom Fields plugin. The issue arises because user input is concatenated directly into SQL queries without proper sanitization. Exploitation requires access to the plugin interface and is possible only if the Custom Fields plugin is installed and active.

Impact

Exploitation of this vulnerability results in authenticated SQL injection: an administrator with access to the plugin can execute arbitrary SQL commands. This could lead to unauthorized data access, modification of database records, disclosure of sensitive information, and potentially privilege escalation within the database context.

Remediation

Users can upgrade to ClipBucket version 5.5.2 - #152 or later, where this vulnerability has been fixed.
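
An added triage check, not ClipBucket's or this advisory's own code: it classifies installations against the affected and fixed versions stated above. The host names, the accepted version spellings and the status labels are assumptions, and the inventory is constructed sample data.

```python
import re

# Fixed release per the advisory: 5.5.2 - #152; anything lower is vulnerable.
FIXED = (5, 5, 2, 152)

# Accepted spellings ("5.5.2 - #151", "5.5.2-#151", "v5.5.2") are an assumption.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:\s*-?\s*#\s*(\d+))?\s*$", re.I)


def parse_version(text):
    """Return (major, minor, patch, revision); revision is None when absent."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ClipBucket version: {text!r}")
    major, minor, patch, rev = m.groups()
    return int(major), int(minor), int(patch), (int(rev) if rev else None)


def classify(version_text, plugin_active):
    """Return 'fixed', 'affected', 'plugin-inactive' or 'unknown'."""
    try:
        major, minor, patch, rev = parse_version(version_text)
    except ValueError:
        return "unknown"
    base = (major, minor, patch)
    if base > FIXED[:3]:
        return "fixed"
    if base == FIXED[:3]:
        if rev is None:
            return "unknown"  # cannot tell #151 from #152 without the revision
        if rev >= FIXED[3]:
            return "fixed"
    # Vulnerable build: the advisory requires the plugin installed and active.
    return "affected" if plugin_active else "plugin-inactive"


# Constructed inventory: (host, reported version, Custom Fields plugin active).
INVENTORY = [
    ("media-01", "5.5.2 - #151", True),
    ("media-02", "5.5.2 - #152", True),
    ("media-03", "5.5.1 - #300", False),
    ("media-04", "5.5.2", True),
    ("media-05", "5.5.3 - #4", True),
]


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(ver, active) for host, ver, active in inventory}
```

A "plugin-inactive" host still runs a vulnerable build and becomes exploitable as soon as the plugin is activated, so it belongs on the upgrade list as well.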

Added: Nov 6, 2025, 12:18 AM
Updated: Nov 6, 2025, 12:18 AM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 3.1
exploitability: 5.6
remediation: 7.7
relevance: 0.9
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.