Lucene search

[email protected]CVE-2015-7527

HistoryDec 17, 2015 - 7:59 p.m.

CVE-2015-7527

2015-12-1719:59:04

CWE-20

[email protected]

web.nvd.nist.gov

cve-2015-7527

cool video gallery

wordpress

remote code execution

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.054 Low

EPSS

Percentile

93.2%

JSON

lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the “Width of preview image” and possibly other input fields in the “Video Gallery Settings” page.

Affected configurations

NVD

Node

cool_video_gallery_projectcool_video_galleryMatch1.9wordpress

CPENameOperatorVersion
cool_video_gallery_project:cool_video_gallerycool video gallery project cool video galleryeq1.9

CPE	Name	Operator	Version
cool_video_gallery_project:cool_video_gallery	cool video gallery project cool video gallery	eq	1.9

References

packetstormsecurity.com/files/134626/WordPress-Cool-Video-Gallery-1.9-Command-Injection.html

www.openwall.com/lists/oss-security/2015/12/02/9

www.securityfocus.com/archive/1/537051/100/0/threaded

www.vapidlabs.com/advisory.php?v=158

wordpress.org/support/topic/command-injection-vulnerability-in-v19

wpvulndb.com/vulnerabilities/8348

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.054 Low

EPSS

Percentile

93.2%

JSON

Related for CVE-2015-7527

cvelist1 zdt1 patchstack1 nvd1 packetstorm1 wpvulndb1 prion1