CVE-2015-10142
published 2025-07-25

Priority: P3 / 41 / medium
CVSS 4.0: 6.9
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.47% (37.4th percentile)

Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 141212) and Content Management System (CMS) prior to 7.2 Update-3 (rev. 141226) and prior to 7.5 Update-1 (rev. 150130) contain a vulnerability that may allow an attacker to download files under the web root of the site when the name of the file is already known via a specially-crafted URL. Affected files do not include .config, .aspx or .cs files. The issue does not allow for directory browsing.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sitecore | content_management_system | < 7.2 Update-3 (rev. 141226) | 7.2 Update-3 (rev. 141226) |
| sitecore | content_management_system | < 7.5 Update-1 (rev. 150130) | 7.5 Update-1 (rev. 150130) |
| sitecore | experience_platform | < 8.0 Initial Release (rev. 141212) | 8.0 Initial Release (rev. 141212) |