CVE-2015-10142
Published: Jul 25, 2025
Modified: May 15, 2026
Description
Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 141212) and Content Management System (CMS) prior to 7.2 Update-3 (rev. 141226) and prior to 7.5 Update-1 (rev. 150130) contain a vulnerability that may allow an attacker to download files under the web root of the site when the name of the file is already known via a specially-crafted URL. Affected files do not include .config, .aspx or .cs files. The issue does not allow for directory browsing.
| Vendor | Product | Versions |
|---|---|---|
Sitecore | Experience Platform (XP) | affected 0 - < 8.0 Initial Release (rev. 141212) |
Sitecore | Content Management System (CMS) | affected 0 - < 7.2 Update-3 (rev. 141226)affected 0 - < 7.5 Update-1 (rev. 150130) |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now