7.5
CVE-2015-7527
- EPSS 5.23%
- Veröffentlicht 17.12.2015 19:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginCool Video Gallery <= 1.9 - Authenticated Command Injection
lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings" page.
Mögliche Gegenmaßnahme
Cool Video Gallery: Update to version 2.0, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cool Video Gallery Project ≫ Cool Video Gallery Version1.9 SwPlatformwordpress
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Cool Video Gallery
Version
[*, 2.0)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.23% | 0.914 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://packetstormsecurity.com/files/134626/WordPress-Cool-Video-Gallery-1.9-Command-Injection.html
http://www.openwall.com/lists/oss-security/2015/12/02/9
http://www.securityfocus.com/archive/1/537051/100/0/threaded
http://www.vapidlabs.com/advisory.php?v=158
https://wordpress.org/support/topic/command-injection-vulnerability-in-v19
https://wpvulndb.com/vulnerabilities/8348
https://www.wordfence.com/threat-intel/vulnerabilities/id/f098d66f-43a6-44e9-b836-2994d2c97782