Lucene search

[email protected]CVE-2014-1908

HistoryDec 29, 2014 - 8:59 p.m.

CVE-2014-1908

2014-12-2920:59:00

CWE-200

[email protected]

web.nvd.nist.gov

videowhisper

live streaming

integration

wordpress

security vulnerability

remote attack

sensitive information

cve-2014-1908

nvd

6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

80.5%

JSON

The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.

CPENameOperatorVersion
videowhisper:videowhisper_live_streaming_integrationvideowhisper videowhisper live streaming integrationle4.27.4

CPE	Name	Operator	Version
videowhisper:videowhisper_live_streaming_integration	videowhisper videowhisper live streaming integration	le	4.27.4

References

www.htbridge.com/advisory/HTB23199

6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

80.5%

JSON

Related for CVE-2014-1908

prion1 patchstack2 seebug1 cvelist1 wpvulndb1 securityvulns2 htbridge1 packetstorm1 exploitpack1 openvas1 exploitdb1