CVE-2014-1908

VideoWhisper Live Streaming <4.29.5 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-1908. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary This is a detailed advisory describing multiple vulnerabilities in VideoWhisper Live Streaming Integration, including arbitrary file upload, XSS, and path traversal. It provides PoC examples for exploitation but does not contain executable exploit code.

Description

The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.

Exploits (1)

exploitdb WRITEUP

by High-Tech Bridge SA · textwebappsphp

https://www.exploit-db.com/exploits/31986

View Code ZIP pw:eip

This is a detailed advisory describing multiple vulnerabilities in VideoWhisper Live Streaming Integration, including arbitrary file upload, XSS, and path traversal. It provides PoC examples for exploitation but does not contain executable exploit code.

Classification

Writeup 100%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: VideoWhisper Live Streaming Integration 4.27.3 and prior

No auth needed

Prerequisites: Access to the vulnerable plugin endpoints · Web server misconfiguration for file uploads

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit x_refsource_misc

https://www.htbridge.com/advisory/HTB23199

Scores

EPSS 0.0720

EPSS Percentile 93.5%

Details

CWE

CWE-200

Status published

Products (1)

videowhisper/videowhisper_live_streaming_integration < 4.27.4

Published Dec 29, 2014

Tracked Since Feb 18, 2026