Lucene search
RootSSV:61679HistoryMar 06, 2014 - 12:00 a.m.
WordPress VideoWhisper Live Streaming Integration任意文件上传漏洞
2014-03-0600:00:00
Root
www.seebug.org
17
0.01 Low
EPSS
Percentile
82.2%
Bugtraq ID:65866
CVE ID:CVE-2014-1905
WordPress是一种使用PHP语言开发的博客平台,用户可以在支持PHP和MySQL数据库的服务器上架设自己的网志。
WordPress VideoWhisper Live Streaming Integration所包含的"/wp-content/plugins/videowhisper-live-streaming-integration/ls/vw_snaps
hots.php"在上传文件到服务器时没有正确校验恶意文件扩展,可导致远程攻击者上传和执行任意PHP文件。
0
WordPress VideoWhisper Live Streaming Integration 4.27.3
厂商补丁:
WordPress
WordPress VideoWhisper Live Streaming Integration 4.29.5已经修复该漏洞,建议用户下载更新:
http://wordpress.org/plugins/videowhisper-live-streaming-integration/
After successful exploitation the remote shell will be accessible via the following URL:
http://[host]/wp-content/plugins/videowhisper-live-streaming-integration
/ls/snapshots/1.php.jpg
Successful exploitation of this vulnerability requires that the webserver is not configured to handle the mime-type for media files with .jpg extension.
Related
zdt
zdt
Wordpress VideoWhisper 4.27.3 - Multiple Vulnerabilities
2014-02-28 00:00:00
prion
prion
Unrestricted file upload
2014-12-29 20:59:00
Input validation
2018-10-04 23:29:00
cvelist
cvelist
CVE-2014-1905
2014-12-29 20:00:00
CVE-2015-9271
2018-10-04 23:00:00
checkpoint_advisories
checkpoint_advisories
cve
cve
CVE-2014-1905
2014-12-29 20:59:00
CVE-2015-9271
2018-10-04 23:29:00
patchstack
patchstack
WordPress VideoWhisper Plugin 4.27.3 - Multiple Vulnerabilities
2014-02-28 00:00:00
wpvulndb
wpvulndb
VideoWhisper Live Streaming Integration 4.27.3 - Multiple Vulnerabilities
2014-08-01 00:00:00
securityvulns
securityvulns
exploitpack
exploitpack
WordPress Plugin VideoWhisper 4.27.3 - Multiple Vulnerabilities
2014-02-28 00:00:00
openvas
openvas
WordPress VideoWhisper Live Streaming Integration Multiple Vulnerabilities
2014-04-01 00:00:00
packetstorm
packetstorm
htbridge
htbridge
exploitdb
exploitdb
WordPress Plugin VideoWhisper 4.27.3 - Multiple Vulnerabilities
2014-02-28 00:00:00