cbcvebase.
CVE-2015-1000010
published 2016-10-06

CVE-2015-1000010: Remote file download in simple-image-manipulator v1.0 WordPress plugin

Priority: P354 (high) · CVSS 3.0 base score 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit: public exploit available
EPSS: 7.04% (93.4th percentile)

Affected (1 range)

Vendor: simple-image-manipulator_project
Product: simple-image-manipulator
Version range: (not specified)
Fixed in: (not specified)

Detection & IOCs (extracted from sources)

path: /wp-content/plugins/./simple-image-manipulator/controller/download.php?filepath=/etc/passwd
path: ./simple-image-manipulator/controller/download.php
  • Send an unauthenticated HTTP GET request to the plugin's download.php endpoint with a filepath parameter pointing to /etc/passwd; a successful LFI response will contain the root user entry matching 'root:[x*]:0:0'.
  • No authentication or input sanitization is performed on the filepath parameter, allowing arbitrary local file reads by any unauthenticated user.
  • HTTP 200 response combined with the passwd-file regex pattern confirms successful exploitation.
  • The vulnerable path uses a dot-slash traversal segment (./simple-image-manipulator/) in the plugin URL, which may be normalized by some WAFs or web servers — ensure the literal path is tested as-is.
  • Affects only version 1.0 of the Simple Image Manipulator WordPress plugin; confirm plugin presence before alerting.

CVSS provenance

Source: NVD · CVSS v3.0 · 7.5 HIGH · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD · CVSS v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N