Lucene search

[email protected]CVE-2014-1905

HistoryDec 29, 2014 - 8:59 p.m.

CVE-2014-1905

2014-12-2920:59:00

CWE-77

[email protected]

web.nvd.nist.gov

cve-2014-1905

file upload

remote code execution

videowhisper

wordpress

vulnerability

nvd

9.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.6%

JSON

Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename.

CPENameOperatorVersion
videowhisper:videowhisper_live_streaming_integrationvideowhisper videowhisper live streaming integrationle4.27.4

CPE	Name	Operator	Version
videowhisper:videowhisper_live_streaming_integration	videowhisper videowhisper live streaming integration	le	4.27.4

References

www.htbridge.com/advisory/HTB23199

9.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.6%

JSON

Related for CVE-2014-1905

zdt1 prion2 seebug1 cvelist2 checkpoint_advisories1 patchstack1 cve1 wpvulndb1 securityvulns2 exploitpack1 openvas1 packetstorm1 htbridge1 exploitdb1