CVE-2014-1907
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
06/03/2014
Last modified:
03/11/2025
Description
Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.
Impact
Base Score 2.0
6.40
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.27:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videowhisper:live_streaming_integration_plugin:4.27.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:*:*:*:*:*:*:*:* | 4.27.4 (including) | |
| cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:1.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.05:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.07:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.25:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:4.25.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page