CVE-2014-1908

Currently unrated

Key Information:

Vendor: Wordpress
Status: Videowhisper Live Streaming Integration
Vendor: CVE Published:; 29 December 2014

Summary

The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.

References

https://www.htbridge.com/advisory/HTB23199

x_refsource_MISC

Timeline

Vulnerability published
Dec 29, 2014
Vulnerability Reserved
Feb 7, 2014