Описание
lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings" page.
lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings" page.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-7527
- https://wordpress.org/support/topic/command-injection-vulnerability-in-v19
- https://wpvulndb.com/vulnerabilities/8348
- http://packetstormsecurity.com/files/134626/WordPress-Cool-Video-Gallery-1.9-Command-Injection.html
- http://www.openwall.com/lists/oss-security/2015/12/02/9
- http://www.securityfocus.com/archive/1/537051/100/0/threaded
- http://www.vapidlabs.com/advisory.php?v=158
Связанные уязвимости
nvd
около 10 лет назад
lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings" page.