CVE-2023-25699

CRITICAL

VideoWhisper Live Streaming Integration <= 5.5.15 - OS Command Injection

Title source: llm

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.This issue affects VideoWhisper Live Streaming Integration: from n/a through 5.5.15.

References (1)

Core 1

Core References

Third Party Advisory vdb-entry

https://patchstack.com/database/vulnerability/videowhisper-live-streaming-integration/wordpress-broadcast-live-video-live-streaming-html5-webrtc-hls-rtsp-rtmp-plugin-5-5-15-remote-code-execution-rce?_s_id=cve

Scores

CVSS v3 9.0

EPSS 0.0129

EPSS Percentile 66.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (2)

videowhisper/videowhisper_live_streaming_integration < 5.5.16

VideoWhisper.com/VideoWhisper Live Streaming Integration < 5.5.15

Published Apr 03, 2024

Tracked Since Feb 18, 2026