Описание
Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 4.27.4 (включая)
Одновременно
Одно из
cpe:2.3:a:videowhisper:live_streaming_integration_plugin:*:*:*:*:*:*:*:*
cpe:2.3:a:videowhisper:live_streaming_integration_plugin:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.0:*:*:*:*:*:*:*
cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.1:*:*:*:*:*:*:*
cpe:2.3:a:videowhisper:live_streaming_integration_plugin:2.2:*:*:*:*:*:*:*
cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.05:*:*:*:*:*:*:*
cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.07:*:*:*:*:*:*:*
cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.25:*:*:*:*:*:*:*
cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.25.3:*:*:*:*:*:*:*
cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.27:*:*:*:*:*:*:*
cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.27.3:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.10406
Средний
6.4 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
около 3 лет назад
Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.
EPSS
Процентиль: 93%
0.10406
Средний
6.4 Medium
CVSS2
Дефекты
CWE-22