Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2014-1905
Last Modified: 30 Dec 2014 11:37:00
Published: 29 Dec 2014 03:59:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-1905

Summary

Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename.

Vulnerable Systems

Application

  • VideoWhisper Live Streaming Integration 4.27.4


References

MISC - https://www.htbridge.com/advisory/HTB23199


Last Updated: 27 May 2016 11:07:22