CVE-2015-10136
BaseFortify
Publication date: 2025-07-19
Last updated on: 2025-12-16
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zishanj | gi-media-library | to 3.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The GI-Media Library plugin for WordPress has a Directory Traversal vulnerability in versions before 3.0. This vulnerability exists in the 'fileid' parameter, allowing unauthenticated attackers to read arbitrary files on the server. This means attackers can access sensitive files that they should not be able to view.
How can this vulnerability impact me? :
This vulnerability can allow attackers to read sensitive information stored on the server, potentially exposing confidential data. Since the attack requires no authentication, it poses a significant risk of data leakage and unauthorized information disclosure.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability could lead to unauthorized disclosure of sensitive personal or protected information, which may result in non-compliance with data protection regulations such as GDPR or HIPAA. Organizations affected by this vulnerability might face legal and regulatory consequences if sensitive data is exposed.