WordPress Video Embed & Thumbnail Generator Plugin Code Execution Vulnerabilities

ID: IRCAD2012021719
Release Date: 2012-02-27
Criticality level: Highly critical
Software:
WordPress Video Embed & Thumbnail Generator Plugin 1.x
 
Description:
Some vulnerabilities have been discovered in the Video Embed & Thumbnail Generator plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to various functions in the wp-content/plugins/video-embed-thumbnail-generator/kg_callffmpeg.php script is not properly sanitised before being used in an "exec()" call. This can be exploited to inject and execute arbitrary shell commands.
The vulnerabilities are confirmed in version 1.1. Other versions may also be affected.
 
Solution:
Update to version 0.2.
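
The Description attributes the flaw to request input reaching an "exec()" call without sanitisation. The following is an added example, not code from the plugin or from this advisory, showing one way to validate and quote such input before it reaches the shell; the function names, parameters, the `video` request field and the directory layout are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's code. Function names, parameters and the
// base directory are assumptions made for illustration.
//
// Unsafe pattern of the kind the advisory describes (request data
// concatenated straight into a shell string; field name is hypothetical):
//   exec('ffmpeg -i ' . $_POST['video'] . ' ' . $thumb);

function build_thumbnail_argv(string $video, string $thumb, $offset, string $baseDir): array
{
    // Offset must be a plain non-negative number and nothing else.
    if (!is_scalar($offset) || !preg_match('/^\d+(\.\d+)?$/D', (string) $offset)) {
        throw new InvalidArgumentException('invalid offset');
    }
    // Resolve the source and require it to sit under the allowed directory.
    $base = realpath($baseDir);
    $src  = realpath($video);
    if ($base === false || $src === false
        || strpos($src, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new InvalidArgumentException('video outside allowed directory');
    }
    // Output name: restricted character set and a fixed extension.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}\.jpg$/D', $thumb)) {
        throw new InvalidArgumentException('invalid thumbnail name');
    }
    $dst = $base . DIRECTORY_SEPARATOR . $thumb;
    return ['ffmpeg', '-nostdin', '-ss', (string) $offset, '-i', $src, '-frames:v', '1', $dst];
}

function run_argv(array $argv): int
{
    // escapeshellarg() quotes each value so the shell sees one literal word.
    exec(implode(' ', array_map('escapeshellarg', $argv)), $out, $status);
    return $status;
}

// Constructed demo: a temporary directory stands in for the uploads folder.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'kg_demo_' . getmypid();
@mkdir($dir);
touch($dir . DIRECTORY_SEPARATOR . 'clip.mp4');
print_r(build_thumbnail_argv($dir . '/clip.mp4', 'clip_thumb.jpg', '2.5', $dir));
try {
    build_thumbnail_argv($dir . '/clip.mp4', 'a;b.jpg', '2.5', $dir); // rejected
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The demo only builds and prints the argument list, so it runs without ffmpeg installed; `run_argv()` is what would hand the quoted command to `exec()`.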
 