CVE-2014-1905 — HIGH (10.0)

Q: How severe is CVE-2014-1905?

CVE-2014-1905 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-1905?

Check the references section above for vendor advisories and patch information. Affected products include: Videowhisper Videowhisper Live Streaming Integration.

Vulnerability Description

Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Videowhisper	Videowhisper Live Streaming Integration	<= 4.27.4

Related Weaknesses (CWE)

CWE-77

References

https://www.htbridge.com/advisory/HTB23199Exploit
https://www.htbridge.com/advisory/HTB23199Exploit

FAQ

What is CVE-2014-1905?

CVE-2014-1905 is a vulnerability with a CVSS score of 10.0 (HIGH). Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by...

How severe is CVE-2014-1905?

CVE-2014-1905 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-1905?

Check the references section above for vendor advisories and patch information. Affected products include: Videowhisper Videowhisper Live Streaming Integration.