What is CVE-2018-7665?

CVE-2018-7665 is a vulnerability in N/a. Published 2018-03-05.

Is CVE-2018-7665 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-7665

An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php.

EPSS: 0.711 (98.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
Project-WARMIND/Exploit-Modules
r1nzleer/ClipBucket-Arbitrary-File-Upload
sha-16/ClipBucket-Arbitrary-File-Upload

References

lists.openwall.net/full-disclosure/2018/02/27/1 (x_refsource_MISC)
www.sec-consult.com/en/blog/advisories/os-command-injection-arbitrary-file-uplo… (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-7665?: CVE-2018-7665 is a vulnerability in N/a. Published 2018-03-05.
Is CVE-2018-7665 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.