CVE-2015-10142— Sitecore XP < 8.0 and CMS < 7.2 and < 7.5 File Read via Known Path
Affected Version Matrix 3
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Sitecore | Content Management System (CMS) | < 7.2 Update-3 (rev. 141226) | affected |
< 7.5 Update-1 (rev. 150130) | affected | ||
| Sitecore | Experience Platform (XP) | < 8.0 Initial Release (rev. 141212) | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2015-10142
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sitecore XP < 8.0 and CMS < 7.2 and < 7.5 File Read via Known Path
Source: NVD (National Vulnerability Database)
Vulnerability Description
Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 141212) and Content Management System (CMS) prior to 7.2 Update-3 (rev. 141226) and prior to 7.5 Update-1 (rev. 150130) contain a vulnerability that may allow an attacker to download files under the web root of the site when the name of the file is already known via a specially-crafted URL. Affected files do not include .config, .aspx or .cs files. The issue does not allow for directory browsing.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
资源在另一范围的外部可控制索引
Source: NVD (National Vulnerability Database)
Vulnerability Title
Sitecore Experience Platform(XP) 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Sitecore Experience Platform(XP)是丹麦Sitecore公司的一套客户数字体验平台。 Sitecore Experience Platform(XP)存在安全漏洞,该漏洞源于特制URL可能导致文件下载。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Sitecore | Experience Platform (XP) | 0 ~ 8.0 Initial Release (rev. 141212) | - | |
| Sitecore | Content Management System (CMS) | 0 ~ 7.2 Update-3 (rev. 141226) | - |
II. Public POCs for CVE-2015-10142
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2015-10142
请登录查看更多情报信息。
Vendor Pages for CVE-2015-10142 (1)
Same Patch Batch · Sitecore · 2025-07-25 · 4 CVEs total
| CVE-2022-4979 | Sitecore XP 7.5 - 10.2, CMS 7.2, and Managed Cloud XSS | |
| CVE-2025-34139 | Sitecore XM/XP/XC and Managed Cloud 8.0 - 10.4 Arbitrary File Read | |
| CVE-2020-36850 | Sitecore JSS React Sample Application 11.0.0 - 14.0.1 Information Disclosure |
IV. Related Vulnerabilities
Same vendor: Sitecore
- CVE-2025-53692
Sitecore Experience Platform Cross-Site Scripting Vulnerabil - CVE-2025-53690
Sitecore Products ViewState Deserialization Vulnerability - CVE-2025-53691
Sitecore Experience Remote Code Execution through Insecure D - CVE-2025-53693
HTML Cache Poisoning through Unsafe Reflections - CVE-2025-53694
Information Disclosure in ItemServices API
Same weakness: CWE-610
- CVE-2026-45760
Apache Camel K: Camel K Cross-Namespace Build Deputy Attack - CVE-2026-34327
Microsoft Partner Center Spoofing Vulnerability - CVE-2026-0522
Local File Inclusion in the File Upload/Download Process - CVE-2026-32008
OpenClaw < 2026.2.21 - Arbitrary Local File Read via Browser - CVE-2026-28722
Acronis Cyber Protect 安全漏洞
V. Comments for CVE-2015-10142
No comments yet