CVE-2015-10136

EPSS 2.04%
Veröffentlicht 19.07.2025 09:23:51
Zuletzt bearbeitet 16.12.2025 16:40:40
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

GI-Media Library < 3.0 - Directory Traversal

The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the 'fileid' parameter. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Mögliche Gegenmaßnahme

GI-Media Library: Update to version 3.0, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zishanj ≫ Gi-media-library SwPlatformwordpress Version < 3.0

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt GI-Media Library

Version [*, 3.0)

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.04%	0.786

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://www.wordfence.com/threat-intel/vulnerabilities/id/2f80c3b9-5148-42eb-9137-9c538184cda3?source=cve

Third Party Advisory

http://wordpressa.quantika14.com/repository/index.php?id=24

Broken Link

https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_gimedia_library_file_read.rb

Product

https://wpscan.com/vulnerability/7754

Broken Link

https://wordpress.org/plugins/gi-media-library/#developers

Product

https://plugins.trac.wordpress.org/changeset/1132677

Patch

https://www.rapid7.com/db/modules/auxiliary/scanner/http/wp_gimedia_library_file_read/

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/2f80c3b9-5148-42eb-9137-9c538184cda3

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-10136

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-10136

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-10136

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2015-10136