PT-2015-7561 · WordPress · Cool Video Gallery

Larry W. Cashdollar +1 · Published 2015-12-17 · Updated 2018-10-09 · CVE-2015-7527

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
Cool Video Gallery plugin version 1.9

Description
The issue allows remote attackers to execute arbitrary code via shell metacharacters in the Width of preview image and possibly other input fields in the "Video Gallery Settings" page. This is due to a vulnerability in the lib/core.php file of the Cool Video Gallery plugin.

Recommendations
For Cool Video Gallery plugin version 1.9, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the "Video Gallery Settings" page to minimize the risk of arbitrary code execution. Avoid using shell metacharacters in input fields, such as Width of preview image, until the issue is resolved.

Exploit

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2015-7527

Affected Products

Cool Video Gallery