CVE-2014-1907

MEDIUM(6.4)

AV:N/AC:L/Au:N/C:P/I:N/A:P

Risk Signal Score18/100 — NIEDRIG

CVSS 6.4 — Mittel

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

6.4

Technische Schwere

Beschreibung

Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.

Referenzen

http://packetstormsecurity.com/files/125454
https://exchange.xforce.ibmcloud.com/vulnerabilities/91478
https://www.htbridge.com/advisory/HTB23199
http://packetstormsecurity.com/files/125454
https://exchange.xforce.ibmcloud.com/vulnerabilities/91478
https://www.htbridge.com/advisory/HTB23199