CVE-2026-21875 | MacWarrior clipbucket-v5 up to 5.5.2-#187 POST Request /actions/ajax.php user_exists ID sql injection (GHSA-crpv-fmc4-j392)

January 8, 2026 Yanac

A vulnerability labeled as critical has been found in MacWarrior clipbucket-v5 up to 5.5.2-#187. This impacts the function user_exists of the file /actions/ajax.php of the component POST Request Handler. Such manipulation of the argument ID leads to sql injection.

This vulnerability is documented as CVE-2026-21875. The attack can be executed remotely. There is not any exploit available.VulDB Recent EntriesRead More