CVE-2015-9271
CRITICALVideowhisper Video Conference - Unrestricted File Upload
Title source: ruleDescription
The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code, a different vulnerability than CVE-2014-1905.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
http://www.vapidlabs.com/advisory.php?v=116
Scores
CVSS v3
9.8
EPSS
0.1014
EPSS Percentile
93.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
videowhisper/video_conference
4.91.8
Published
Oct 04, 2018
Tracked Since
Feb 18, 2026