Lucene search

[email protected]CVE-2014-1907

HistoryMar 06, 2014 - 3:55 p.m.

CVE-2014-1907

2014-03-0615:55:28

CWE-22

[email protected]

web.nvd.nist.gov

cve-2014-1907

videowhisper

live streaming

integration

plugin

wordpress

directory traversal

vulnerability

remote attackers

arbitrary files

nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

6.9 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.4%

JSON

Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a … (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a … (dot dot) in the s parameter to ls/rtmp_logout.php.

Affected configurations

NVD

Node

videowhisperlive_streaming_integration_pluginRange≤4.27.4

videowhisperlive_streaming_integration_pluginMatch1.0.2

videowhisperlive_streaming_integration_pluginMatch2.0

videowhisperlive_streaming_integration_pluginMatch2.1

videowhisperlive_streaming_integration_pluginMatch2.2

videowhisperlive_streaming_integration_pluginMatch4.05

videowhisperlive_streaming_integration_pluginMatch4.07

videowhisperlive_streaming_integration_pluginMatch4.25

videowhisperlive_streaming_integration_pluginMatch4.25.3

videowhisperlive_streaming_integration_pluginMatch4.27

videowhisperlive_streaming_integration_pluginMatch4.27.3

AND

wordpresswordpressMatch-

CPENameOperatorVersion
videowhisper:live_streaming_integration_pluginvideowhisper live streaming integration pluginle4.27.4
videowhisper:live_streaming_integration_pluginvideowhisper live streaming integration plugineq1.0.2
videowhisper:live_streaming_integration_pluginvideowhisper live streaming integration plugineq2.0
videowhisper:live_streaming_integration_pluginvideowhisper live streaming integration plugineq2.1
videowhisper:live_streaming_integration_pluginvideowhisper live streaming integration plugineq2.2
videowhisper:live_streaming_integration_pluginvideowhisper live streaming integration plugineq4.05
videowhisper:live_streaming_integration_pluginvideowhisper live streaming integration plugineq4.07
videowhisper:live_streaming_integration_pluginvideowhisper live streaming integration plugineq4.25
videowhisper:live_streaming_integration_pluginvideowhisper live streaming integration plugineq4.25.3
videowhisper:live_streaming_integration_pluginvideowhisper live streaming integration plugineq4.27

CPE	Name	Operator	Version
videowhisper:live_streaming_integration_plugin	videowhisper live streaming integration plugin	le	4.27.4
videowhisper:live_streaming_integration_plugin	videowhisper live streaming integration plugin	eq	1.0.2
videowhisper:live_streaming_integration_plugin	videowhisper live streaming integration plugin	eq	2.0
videowhisper:live_streaming_integration_plugin	videowhisper live streaming integration plugin	eq	2.1
videowhisper:live_streaming_integration_plugin	videowhisper live streaming integration plugin	eq	2.2
videowhisper:live_streaming_integration_plugin	videowhisper live streaming integration plugin	eq	4.05
videowhisper:live_streaming_integration_plugin	videowhisper live streaming integration plugin	eq	4.07
videowhisper:live_streaming_integration_plugin	videowhisper live streaming integration plugin	eq	4.25
videowhisper:live_streaming_integration_plugin	videowhisper live streaming integration plugin	eq	4.25.3
videowhisper:live_streaming_integration_plugin	videowhisper live streaming integration plugin	eq	4.27