Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress VideoWhisper Live Streaming Integration 目录遍历漏洞
Vulnerability Description
WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台,该平台支持在PHP和MySQL的服务器上架设个人博客网站。VideoWhisper Live Streaming Integration是其中的一个视频插件。 WordPress VideoWhisper Live Streaming Integration插件4.27.4及之前版本中存在目录遍历漏洞,该漏洞源于ls/rtmp_login.php脚本没有正确过滤‘s’参数,ls/rtmp_logout.php脚本没有正确过
CVSS Information
N/A
Vulnerability Type
N/A