9.8
CVE-2023-25699
- EPSS 1.44%
- Veröffentlicht 03.04.2024 13:15:59
- Zuletzt bearbeitet 15.04.2025 21:08:51
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
Live Streaming - Broadcast Live Video <= 5.5.15 - Missing Authorization to Unauthenticated Remote Code Execution
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.This issue affects VideoWhisper Live Streaming Integration: from n/a through 5.5.15.
Mögliche Gegenmaßnahme
Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP: Update to version 5.5.16, or a newer patched version
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP
Version
* - 5.5.15
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Videowhisper ≫ Videowhisper Live Streaming Integration SwPlatformwordpress Version < 5.5.16
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.44% | 0.801 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| audit@patchstack.com | 9 | 2.2 | 6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.