CVE-2014-1905
published 2014-12-29CVE-2014-1905: Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote…
PriorityP265critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
10.36%
95.1th percentile
Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| videowhisper | video_conference | — | — |
| videowhisper | videowhisper_live_streaming_integration | <= 4.27.4 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploitation requires the webserver to execute files with .jpg extension as PHP (misconfigured MIME handling); detect by monitoring for PHP execution originating from the snapshots upload directory. ↗
- ·Exploitation of CVE-2014-1905 is only possible when the web server is misconfigured to execute .jpg files as PHP (i.e., lacks proper MIME-type enforcement for media file extensions). ↗
- ·A related but distinct vulnerability (CVE-2015-9271) in the videowhisper-video-conference-integration plugin uses a different bypass: files are considered safe when 'html' are the last four characters, enabling upload of .phtml files with PHP code. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7m98-6gvg-8j73: Unrestricted file upload vulnerability in ls/vw_snapshots
ghsa_unreviewed·2022-05-17
CVE-2014-1905 [HIGH] CWE-77 GHSA-7m98-6gvg-8j73: Unrestricted file upload vulnerability in ls/vw_snapshots
Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename.
GHSA
GHSA-gh48-g7px-c2qf: The VideoWhisper videowhisper-video-conference-integration plugin 4
ghsa_unreviewed·2022-05-14·CVSS 10.0
CVE-2015-9271 [CRITICAL] CWE-434 GHSA-gh48-g7px-c2qf: The VideoWhisper videowhisper-video-conference-integration plugin 4
The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code, a different vulnerability than CVE-2014-1905.
No detection rules found.
No writeups or analysis indexed.
2014-12-29
Published