← back
CVE-2015-7527

CVE-2015-7527

EPSS 5.2%
lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings" page.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/134626/WordPress-Cool-Video-Gallery-1.9-Command-Injection.htmlhttps://wordpress.org/support/topic/command-injection-vulnerability-in-v19https://wpvulndb.com/vulnerabilities/8348http://www.openwall.com/lists/oss-security/2015/12/02/9http://www.securityfocus.com/archive/1/537051/100/0/threadedhttp://www.vapidlabs.com/advisory.php?v=158