ThreatPress

WordPress Vulnerabilities Database

Back

WordPress VideoWhisper Live Streaming Integration Plugin <= 4.29.4 - Multiple Directory Traversal

Product
VideoWhisper Live Streaming Integration
Description
Because of these vulnerabilities, the attackers can delete arbitrary files in the "s" parameter to ls/rtmp_logout.php or read arbitrary files in the "s" parameter to ls/rtmp_login.php.
Solution
Update the plugin.
Classification
Type Information Disclosure
References
CVE Mitre
CVE
Name CVE-2014-1907
Versions
Affected In <= 4.29.4
Fixed In 4.29.5
Disclosure date
2014-02-07
Credits
High-Tech Bridge SA