‫ WordPress Video Embed & Thumbnail Generator Plugin Code Execution Vulnerabilities

IRCAD2012021719
 
ID:IRCAD2012021719
Release Date: 2012-02-27
Criticality level: Highly critical
Software:
WordPress Video Embed & Thumbnail Generator Plugin 1.x
 
Description:
Some vulnerabilities have been discovered in the Video Embed & Thumbnail Generator plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to various functions in the wp-content/plugins/video-embed-thumbnail-generator/kg_callffmpeg.php script is not properly sanitised before being used in an "exec()" call. This can be exploited to inject and execute arbitrary shell commands.
The vulnerabilities are confirmed in version 1.1. Other versions may also be affected.
 
Solution:
Update to version 0.2.
 
References:
 
Video Embed & Thumbnail Generator:
 
 
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 9 اسفند 1390

امتیاز

امتیاز شما
تعداد امتیازها:0