CVE-2015-10136

HIGH

GI-Media Library <3.0 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-10136. PoCs published by Unknown, including Metasploit module auxiliary/scanner/http/wp_gimedia_library_file_read.

AI-analyzed exploit summary: This Metasploit module exploits a directory traversal vulnerability in the WordPress GI-Media Library plugin (version 2.2.2) to read arbitrary files from the server. It uses a base64-encoded traversal path to bypass restrictions and retrieve files like wp-config.php.

Description

The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the 'fileid' parameter. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Exploits (1)

metasploit · WORKING POC
by Unknown · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wp_gimedia_library_file_read.rb

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: WordPress GI-Media Library Plugin version 2.2.2
No auth needed
Prerequisites: Target must have the vulnerable GI-Media Library plugin installed · Network access to the WordPress site
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.5
EPSS 0.0196
EPSS Percentile 77.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE CWE-22
Status published
Products (2)
zishanj/GI-Media Library < 3.0
zishanj/gi-media-library < 3.0
Published Jul 19, 2025
Tracked Since Feb 18, 2026