CVE-2014-1908

Published: Dec 29, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.

Affected (1)

Products: Videowhisper: Videowhisper Live Streaming Integration

1 product

Videowhisper Live Streaming Integration

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Videowhisper Videowhisper Live Streaming Integration	Up to 4.27.4

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://www.htbridge.com/advisory/HTB23199

Source: cve@mitre.org

Exploit

https://www.htbridge.com/advisory/HTB23199

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.