Directory Traversal Vulnerabilities in VideoWhisper Live Streaming Integration for WordPress
CVE-2014-1907

Currently unrated

Key Information:

Vendor

Wordpress
Status
Live Streaming Integration Plugin
Vendor
CVE Published:
6 March 2014

What is CVE-2014-1907?

Multiple directory traversal vulnerabilities exist in the VideoWhisper Live Streaming Integration plugin for WordPress, specifically before version 4.29.5. These vulnerabilities enable remote attackers to exploit improperly validated input in the 's' parameter. By leveraging this flaw, attackers can read arbitrary files via a '../' sequence when accessing 'ls/rtmp_login.php', or they can delete arbitrary files by exploiting the same sequence when calling 'ls/rtmp_logout.php'. This presents significant security risks, including unauthorized data access and potential service disruption.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://packetstormsecurity.com/files/125454
x_refsource_MISC
https://www.htbridge.com/advisory/HTB23199
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/91478
vdb-entryx_refsource_XF

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.