Cool Video Gallery < 2.0 – Authenticated Command Injection | CVE 2015-7527

Affects Plugins

cool-video-gallery

Fixed in 2.0

References

CVE

CVE-2015-7527

URL

http://www.vapidlabs.com/advisory.php?v=158

URL

https://www.openwall.com/lists/oss-security/2015/12/02/9

URL

https://seclists.org/bugtraq/2015/Dec/27

URL

https://plugins.trac.wordpress.org/changeset/1368619/cool-video-gallery

Classification

Type

RCE

OWASP top 10

A1: Injection

CWE

CWE-94

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

2b852da5-1790-400c-b36f-fe70bbdf03eb

Timeline

Publicly Published

2015-12-02 (about 10 years ago)

Added

2015-12-04 (about 10 years ago)

Last Updated

2021-06-08 (about 4 years ago)

Other

Published

Title

Published

2024-10-25

Title

Uix Shortcodes < 2.0.0 - Unauthenticated Arbitrary Shortcode Execution

Published

2019-04-08

Title

Groundhogg < 1.3.5 - Remote Code Execution

Published

2022-10-28

Title

Api2Cart Bridge Connector < 1.2.0 - Unauthenticated RCE

Published

2024-05-28

Title

Unlimited Elements for Elementor < 1.5.91 - Contributor+ Remote Code Execution via template import

Published

2024-11-01

Title

Media Library Assistant < 3.20 - Authenticated (Administrator+) Remote Code Execution