SecuritySpace - CVE-2014-1905

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2014-1905

Description: Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live- streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2014-1905
https://www.htbridge.com/advisory/HTB23199

CVE ID:	CVE-2014-1905
Description:	Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live- streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2014-1905 https://www.htbridge.com/advisory/HTB23199