Bugtraq ID:65880
CVE ID:CVE-2014-1908
WordPress是一种使用PHP语言开发的博客平台,用户可以在支持PHP和MySQL数据库的服务器上架设自己的网志。
WordPress VideoWhisper Live Streaming Integration多个脚本不正确实现错误处理机制,允许远程攻击者利用漏洞提交特制的HTTP GET请求,获取敏感应用信息。
0
WordPress VideoWhisper Live Streaming Integration 4.27.3
厂商补丁:
WordPress VideoWhisper Live Streaming Integration 4.29.5已经修复该漏洞,建议用户下载更新:
http://wordpress.org/plugins/videowhisper-live-streaming-integration/
The following URL can be used to gain knowledge of full installation path of the application:
http://[host]/wp-content/plugins/videowhisper-live-streaming-integration
/bp.php
http://[host]/wp-content/plugins/videowhisper-live-streaming-integration
/videowhisper_streaming.php
http://[host]/wp-content/plugins/videowhisper-live-streaming-integration
/ls/rtmp.inc.php