{"vulnerability": "GHSA-98vm-2xqm-xrcc", "sightings": [{"uuid": "c056d518-b7f2-4805-b6a9-60e6da604260", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-98VM-2XQM-XRCC", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/498", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21624\n\ud83d\udd39 Description: ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script file instead of an image file, thus allowing a webshell or other malicious files to be stored and executed on the server. This attack vector exists in both the admin area and low-level user area. This vulnerability is fixed in 5.5.1 - 239.\n\ud83d\udccf Published: 2025-01-07T15:46:11.169Z\n\ud83d\udccf Modified: 2025-01-07T17:02:34.217Z\n\ud83d\udd17 References:\n1. https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-98vm-2xqm-xrcc\n2. https://github.com/MacWarrior/clipbucket-v5/commit/893bfb0f1236c4a59b5e2843ab8d27a1e491b12b", "creation_timestamp": "2025-01-07T17:42:33.000000Z"}, {"uuid": "b59b816a-807e-4905-a3ab-1bb72ab83dc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-98vm-2xqm-xrcc", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113787932671356345", "content": "", "creation_timestamp": "2025-01-07T16:07:44.040830Z"}]}