HTTP: ClipBucket CVE-2018-7664 Command Injection

This signature detects attempts to exploit a known vulnerability against ClipBucket. A successful attack can lead to command injection.

Extended Description

An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_downloader.php.

Affected Products

Clip-bucket clipbucket

References

CVE: CVE-2018-7664

Short Name
HTTP:CVE-2018-7664-CMD-INJ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2018-7664 ClipBucket Command Injection
Release Date
02/28/2019
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3337
False Positive
Unknown
Vendors

Clip-bucket

CVSS Score

10.0

Found a potential security threat?