CVE-2015-7527

Exploit

EPSS 7.13%
Veröffentlicht 17.12.2015 19:59:04
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Cool Video Gallery <= 1.9 - Authenticated Command Injection

lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings" page.

Mögliche Gegenmaßnahme

Cool Video Gallery: Update to version 2.0, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Cool Video Gallery

Version [*, 2.0)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cool Video Gallery Project ≫ Cool Video Gallery Version1.9 SwPlatformwordpress

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.13%	0.913

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://packetstormsecurity.com/files/134626/WordPress-Cool-Video-Gallery-1.9-Command-Injection.html

Exploit

http://www.openwall.com/lists/oss-security/2015/12/02/9

Exploit

http://www.securityfocus.com/archive/1/537051/100/0/threaded

http://www.vapidlabs.com/advisory.php?v=158

Exploit

https://wordpress.org/support/topic/command-injection-vulnerability-in-v19

Exploit

https://wpvulndb.com/vulnerabilities/8348

https://www.wordfence.com/threat-intel/vulnerabilities/id/f098d66f-43a6-44e9-b836-2994d2c97782

Third Party Advisory