Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-21624 PoC — ClipBucket V5 Playlist Cover File Upload to Remote Code Execution

Source
https://github.com/shreyas-malhotra/CVE-2025-21624
Associated Vulnerability
Title:ClipBucket V5 Playlist Cover File Upload to Remote Code Execution (CVE-2025-21624)
Description:ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script file instead of an image file, thus allowing a webshell or other malicious files to be stored and executed on the server. This attack vector exists in both the admin area and low-level user area. This vulnerability is fixed in 5.5.1 - 239.
Description
PoC, and documentation of deployment of a vulnerable instance of ClipBucket-v5 for demonstration of CVE-2025-21624.
File Snapshot

 [4.0K]  /data/pocs/717b8ef5c735f3fc1c307261ceac537713f8bbef
├── [4.0K]  attachments
│   └── [117K]  Screenshot from 2025-03-02 17-48-56.png
├── [1.7K]  Development of build script.md
└── [4.4K]  Exploitation.md

1 directory, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →