← back
CVE-2014-1907

CVE-2014-1907

EPSS 10.8%
Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/125454unverifiedexploitdbwww.exploit-db.com/exploits/31986unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/125454https://exchange.xforce.ibmcloud.com/vulnerabilities/91478https://www.htbridge.com/advisory/HTB23199