Vulnerability Details CVE-2015-7527
lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings" page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.054
EPSS Ranking 89.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/134626/WordPress-Cool-Video-Gallery-1.9-Command-Injection.html
- http://www.openwall.com/lists/oss-security/2015/12/02/9
- http://www.securityfocus.com/archive/1/537051/100/0/threaded
- http://www.vapidlabs.com/advisory.php?v=158
- https://wordpress.org/support/topic/command-injection-vulnerability-in-v19
- https://wpvulndb.com/vulnerabilities/8348
- http://packetstormsecurity.com/files/134626/WordPress-Cool-Video-Gallery-1.9-Command-Injection.html
- http://www.openwall.com/lists/oss-security/2015/12/02/9
- http://www.securityfocus.com/archive/1/537051/100/0/threaded
- http://www.vapidlabs.com/advisory.php?v=158
- https://wordpress.org/support/topic/command-injection-vulnerability-in-v19
- https://wpvulndb.com/vulnerabilities/8348
Products affected by CVE-2015-7527
-
cpe:2.3:a:cool_video_gallery_project:cool_video_gallery:1.9