CVE-2015-7527
Cool Video Gallery 1.9 - Remote Code Execution via Shell Metacharacters in Video Gallery Settings
Title source: llmDescription
lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings" page.
References (6)
Core 6
Core References
Exploit x_refsource_misc
http://www.vapidlabs.com/advisory.php?v=158
Exploit x_refsource_misc
http://packetstormsecurity.com/files/134626/WordPress-Cool-Video-Gallery-1.9-Command-Injection.html
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/12/02/9
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/8348
Exploit x_refsource_misc
https://wordpress.org/support/topic/command-injection-vulnerability-in-v19
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/537051/100/0/threaded
Scores
EPSS
0.0523
EPSS Percentile
91.5%
Details
CWE
CWE-20
Status
published
Products (1)
cool_video_gallery_project/cool_video_gallery
1.9
Published
Dec 17, 2015
Tracked Since
Feb 18, 2026