CVE-2015-1000010
published 2016-10-06CVE-2015-1000010: Remote file download in simple-image-manipulator v1.0 wordpress plugin
PriorityP354high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
7.04%
93.4th percentile
Remote file download in simple-image-manipulator v1.0 wordpress plugin
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| simple-image-manipulator_project | simple-image-manipulator | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Send an unauthenticated HTTP GET request to the plugin's download.php endpoint with a filepath parameter pointing to /etc/passwd; a successful LFI response will contain the root user entry matching 'root:[x*]:0:0'. ↗
- →No authentication or input sanitization is performed on the filepath parameter, allowing arbitrary local file reads by any unauthenticated user. ↗
- →HTTP 200 response combined with the passwd-file regex pattern confirms successful exploitation. ↗
- ·The vulnerable path uses a dot-slash traversal segment (./simple-image-manipulator/) in the plugin URL, which may be normalized by some WAFs or web servers — ensure the literal path is tested as-is. ↗
- ·Affects only version 1.0 of the Simple Image Manipulator WordPress plugin; confirm plugin presence before alerting. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
WordPress Simple Image Manipulator < 1.0 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2015-1000010 [HIGH] WordPress Simple Image Manipulator < 1.0 - Local File Inclusion
WordPress Simple Image Manipulator < 1.0 - Local File Inclusion
WordPress Simple Image Manipulator 1.0 is vulnerable to local file inclusion in ./simple-image-manipulator/controller/download.php because no checks are made to authenticate users or sanitize input when determining file location.
Template:
id: CVE-2015-1000010
info:
name: WordPress Simple Image Manipulator < 1.0 - Local File Inclusion
author: dhiyaneshDK
severity: high
description: |
WordPress Simple Image Manipulator 1.0 is vulnerable to local file inclusion in ./simple-image-manipulator/controller/download.php because no checks are made to authenticate users or sanitize input when determining file location.
impact: |
An attacker can exploit this vulnerability to read arbitrary files on the server.
remediation: |
Update t
No writeups or analysis indexed.
2016-10-06
Published