CVE-2015-10136

EPSS 48.6%
Veröffentlicht 19.07.2025 09:23:51
Zuletzt bearbeitet 16.12.2025 16:40:40
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

GI-Media Library < 3.0 - Directory Traversal

The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the 'fileid' parameter. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Mögliche Gegenmaßnahme

GI-Media Library: Update to version 3.0, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt GI-Media Library

Version [*, 3.0)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zishanj ≫ Gi-media-library SwPlatformwordpress Version < 3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	48.6%	0.976

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://www.wordfence.com/threat-intel/vulnerabilities/id/2f80c3b9-5148-42eb-9137-9c538184cda3?source=cve

Third Party Advisory

http://wordpressa.quantika14.com/repository/index.php?id=24

Broken Link

https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_gimedia_library_file_read.rb

Product

https://wpscan.com/vulnerability/7754

Broken Link

https://wordpress.org/plugins/gi-media-library/#developers

Product

https://plugins.trac.wordpress.org/changeset/1132677

Patch