CVE-2013-10040

UNKNOWN 0.0

ClipBucket <= 2.6 ofc_upload_image.php Arbitrary File Upload RCE

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the file via a predictable path and trigger remote code execution.

CWE	CWE-434
Vendor	clipbucket llc
Product	clipbucket
Published	Jul 31, 2025
Last Updated	Mar 23, 2026

Stay Ahead of the Next One

Get instant alerts for clipbucket llc clipbucket

Be the first to know when new unknown vulnerabilities affecting clipbucket llc clipbucket are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

ClipBucket LLC / ClipBucket

* ≤ 2.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/clipbucket_upload_exec.rb packetstorm.news: https://packetstorm.news/files/id/123480 github.com: https://github.com/arslancb/clipbucket clipbucket.com: https://clipbucket.com/ vulncheck.com: https://www.vulncheck.com/advisories/clipbucket-arbitrary-file-upload-rce

Credits

Gabby