WordPress VideoWhisper Live Streaming Integration多个信息泄漏漏洞

2014-03-06T00:00:00
ID SSV:61678
Type seebug
Reporter Root
Modified 2014-03-06T00:00:00

Description

Bugtraq ID:65880 CVE ID:CVE-2014-1908

WordPress是一种使用PHP语言开发的博客平台,用户可以在支持PHP和MySQL数据库的服务器上架设自己的网志。

WordPress VideoWhisper Live Streaming Integration多个脚本不正确实现错误处理机制,允许远程攻击者利用漏洞提交特制的HTTP GET请求,获取敏感应用信息。 0 WordPress VideoWhisper Live Streaming Integration 4.27.3 厂商补丁:

WordPress

WordPress VideoWhisper Live Streaming Integration 4.29.5已经修复该漏洞,建议用户下载更新:

http://wordpress.org/plugins/videowhisper-live-streaming-integration/

                                        
                                            
                                                The following URL can be used to gain knowledge of full installation path of the application:

http://[host]/wp-content/plugins/videowhisper-live-streaming-integration
/bp.php

http://[host]/wp-content/plugins/videowhisper-live-streaming-integration
/videowhisper_streaming.php

http://[host]/wp-content/plugins/videowhisper-live-streaming-integration
/ls/rtmp.inc.php