Vulnerability Details CVE-2014-1905
Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.18
EPSS Ranking 94.8%
CVSS Severity
CVSS v2 Score 10.0
Products affected by CVE-2014-1905
-
cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:1.0.2
-
cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:2.0
-
cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:2.1
-
cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:2.2
-
cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.0.5
-
cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.0.7
-
cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.25
-
cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.27
-
cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.27.2
-
cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.27.3
-
cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.27.4