CVE-2015-7527 – Cool Video Gallery <= 1.9 - Authenticated Command Injection

https://notcve.org/view.php?id=CVE-2015-7527

lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings" page. lib/core.php en el plugin Cool Video Gallery 1.9 para WordPress permite a atacantes remotos ejecutar código arbitrario a través de meta carácteres shell en el 'Ancho de la imagen de vista previa' y posiblemente en otros campos de entrada en la página 'Video Gallery Settings'. WordPress Cool Video Gallery plugin version 1.9 suffers from a remote command injection vulnerability. • http://packetstormsecurity.com/files/134626/WordPress-Cool-Video-Gallery-1.9-Command-Injection.html http://www.openwall.com/lists/oss-security/2015/12/02/9 http://www.securityfocus.com/archive/1/537051/100/0/threaded http://www.vapidlabs.com/advisory.php?v=158 https://wordpress.org/support/topic/command-injection-vulnerability-in-v19 https://wpvulndb.com/vulnerabilities/8348 • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •