CVE-2014-1907
Published Mar 6, 2014
Last updated 7 years ago
Overview
- Description
- Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:P
Weaknesses
- nvd@nist.gov
- CWE-22
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A950AF58-B660-48FA-9E55-8C4744C08CB5",
"versionEndIncluding": "4.27.4"
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:1.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B2C3113C-387A-4749-8361-619C93D08014"
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B486B92A-9357-457F-A633-208AD9C5FF02"
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1DC6CC23-0363-49EC-9025-049E7C9CBB99"
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A97D9527-A5D0-496B-823B-F3603C66039F"
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.05:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD22D533-0ED0-4064-BE06-E1E2DF841B00"
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.07:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A01AF49-B97A-421A-B0E5-DCAA2BA6927F"
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.25:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28DEFF7E-9696-4774-8042-F9AD50B89AE9"
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.25.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6BE9DF77-08B9-4DD6-9FD3-B18878893E9E"
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.27:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB6D9AF7-A6FC-449A-99A8-73B1751EB2F7"
},
{
"criteria": "cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.27.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27EB1FE0-F754-4B66-961F-1566873FB696"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]