CVE-2014-9181

Plex Media Server <0.9.9.3 - Path Traversal

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9181.

AI-analyzed exploit summary: This advisory details an authentication bypass via SSRF and local file disclosure in Plex Media Server. The SSRF exploit leverages header manipulation to bypass whitelist validation, while the file disclosure relies on directory traversal in unauthenticated endpoints.

Description

Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/.

Exploits (1)

exploitdb WRITEUP
webapps · multiple
https://www.exploit-db.com/exploits/31983

Classification: Writeup 100%
Attack Type: SSRF | Auth Bypass | Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Plex Media Server <=0.9.9.2.374-aa23a69
No auth needed
Prerequisites: Network access to Plex Media Server · Knowledge of target endpoints
devstral-2 · analyzed Feb 19, 2026

Scores

EPSS 0.0948
EPSS Percentile 94.8%

Details

CWE: CWE-22
Status: published
Products (1): plex/media_server < 0.9.9.2
Published: Dec 02, 2014
Tracked Since: Feb 18, 2026