CVE-2014-1905 in Live Streaming Integration

Summary

by MITRE

Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename.


Analysis

by VulDB Data Team • 06/30/2025

The vulnerability identified as CVE-2014-1905 is a critical unrestricted file upload flaw in the VideoWhisper Live Streaming Integration plugin for WordPress. It affects versions prior to 4.29.5 and exposes affected sites to remote code execution through a double-extension upload. The flaw resides in the ls/vw_snapshots.php script, which accepts uploaded files without properly validating their type or content, giving an attacker a path to bypass the intended checks and execute arbitrary PHP code on the server.

The vulnerability relies on the predictable behavior of web servers when handling files with double extensions. An attacker uploads a file whose name ends in .php.jpg: it passes the plugin's check because the final extension is .jpg, but the file itself contains PHP code. When the file is later requested directly, the web server can still hand it to the PHP interpreter because of the .php extension in the name, so the code runs even though the plugin treated the file as an image. Because the technique exploits how extensions are mapped to handlers rather than what the file actually contains, it also evades many security filters and antivirus products that rely on extension-based detection.

The operational impact extends beyond simple code execution to full system compromise. Once the malicious file is in place, the attacker can execute arbitrary commands on the web server, potentially leading to a complete takeover. Any WordPress installation running the vulnerable VideoWhisper plugin is affected, and the uploaded file acts as a persistent backdoor that can be used for data exfiltration, server enumeration, and further lateral movement within the compromised network. The flaw is a classic lack of input validation and output encoding and aligns with CWE-434, which covers unrestricted file upload vulnerabilities where an application fails to validate the type and content of files before storing them.

The attack vector requires minimal privileges and can be exercised remotely, which makes it particularly attractive for widespread exploitation. An attacker needs only to upload a specially crafted file through the plugin's legitimate upload interface and then request it by direct URL from the snapshots directory. This bypasses many traditional security controls, including web application firewalls that inspect only the file extension rather than the actual file content. The vulnerability also relates to ATT&CK technique T1190, which describes the use of legitimate credentials to access systems, although in this case the file upload mechanism itself provides the access vector.

Mitigation of CVE-2014-1905 starts with updating the VideoWhisper plugin to version 4.29.5 or later, which implements proper file type validation and content verification. Organizations should also restrict file upload capabilities to authenticated users, validate uploads by inspecting the actual file content rather than only the extension, and configure the web server to reject files with dangerous extensions or to never execute uploaded files (for example by serving the upload directory in a sandboxed environment). A complete fix includes MIME type checking, file content analysis, and removal of any upload functionality that allows direct execution of uploaded files. A web application firewall with content inspection adds defense in depth against similar flaws, and regular security audits of installed plugins and themes help identify other potential entry points.
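The following Python block is an added illustration, not code from the plugin or from VulDB, of the two points above: the content-based upload validation the mitigation paragraph calls for, and log-based detection of the direct snapshot requests described in the attack narrative. The magic-byte table, the log format (Apache combined), and the sample log lines are all constructed for the example; only the snapshots path comes from the advisory.

```python
import re
from typing import List, Optional, Tuple

# Constructed magic-byte table: the image types a snapshot endpoint would accept.
IMAGE_MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}

def validate_snapshot(filename: str, data: bytes) -> Optional[str]:
    """Return None if the upload may be stored, else the reason for rejection.
    The decision is content-based (magic bytes), and the client filename may
    carry exactly one extension, so 'cam1.php.jpg' is refused before it ever
    reaches the snapshots directory."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.lower().split(".")
    if len(parts) != 2 or not parts[0]:
        return "filename must be name.ext with exactly one extension"
    ext = parts[1]
    if ext not in IMAGE_MAGIC:
        return f".{ext} is not an allowed image extension"
    if not any(data.startswith(magic) for magic in IMAGE_MAGIC[ext]):
        return f"content is not a .{ext} image"
    # A valid image can still carry PHP tags in its metadata; the definitive
    # control is the web server never executing anything under snapshots/.
    if b"<?php" in data or b"<?=" in data:
        return "image data contains PHP open tags"
    return None

SNAPSHOT_PATH = "/wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/"
DOUBLE_EXT = re.compile(r"\.php\.[a-z0-9]+(?:\?|$)", re.IGNORECASE)
# Combined-log prefix: client ident user [time] "METHOD path HTTP/x" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

def find_direct_snapshot_hits(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Flag direct requests for double-extension names under the snapshots path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group(2).startswith(SNAPSHOT_PATH) and DOUBLE_EXT.search(m.group(2)):
            hits.append(m.groups())  # (client address, request path, status)
    return hits

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Dec/2014:10:01:02 +0000] "GET /wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/cam1.jpg HTTP/1.1" 200 5123',
    '203.0.113.7 - - [29/Dec/2014:10:01:09 +0000] "GET /wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/cam1.php.jpg HTTP/1.1" 200 88',
]
```

A 200 response to a .php.* name under the snapshots path is the signal worth alerting on; the upload validator stops such a file from being written in the first place.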

Reservation

02/07/2014

Disclosure

12/29/2014

Moderation

accepted

Entry

VDB-73432

CPE

ready

Exploit

Download

EPSS

0.17963

KEV

no

Activities

very low

Sources
