CVE-2014-1907

Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.
Path Traversal
Severity
UNKNOWN
AV:N/AC:L/Au:N/C:P/I:N/A:P
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
videowhisperlive_streaming_integration_plugin
𝑥
≤ 4.27.4
videowhisperlive_streaming_integration_plugin
1.0.2
videowhisperlive_streaming_integration_plugin
2.0
videowhisperlive_streaming_integration_plugin
2.1
videowhisperlive_streaming_integration_plugin
2.2
videowhisperlive_streaming_integration_plugin
4.05
videowhisperlive_streaming_integration_plugin
4.07
videowhisperlive_streaming_integration_plugin
4.25
videowhisperlive_streaming_integration_plugin
4.25.3
videowhisperlive_streaming_integration_plugin
4.27
videowhisperlive_streaming_integration_plugin
4.27.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/125454
https://exchange.xforce.ibmcloud.com/vulnerabilities/91478
https://www.htbridge.com/advisory/HTB23199
http://packetstormsecurity.com/files/125454
https://exchange.xforce.ibmcloud.com/vulnerabilities/91478
https://www.htbridge.com/advisory/HTB23199