Vulnerabilities > CVE-2015-2825 - Unspecified vulnerability in Simple ADS Manager Project Simple ADS Manager 2.5.94

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

simple-ads-manager-project

exploit available

NVD

Published: 2015-04-21

Updated: 2024-11-21

Summary

Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the path parameter.

Vulnerable Configurations

Part	Description	Count
Application	Simple_Ads_Manager_Project Simple ADS Manager Project Simple ADS Manager 2.5.94	1

D2sec

name	WordPress Simple Ads Manager File Upload
url	http://www.d2sec.com/exploits/wordpress_simple_ads_manager_file_upload.html

Exploit-Db

description	Wordpress Simple Ads Manager 2.5.94 - Arbitrary File Upload. CVE-2015-2825. Webapps exploit for php platform
file	exploits/php/webapps/36614.txt
id	EDB-ID:36614
last seen	2016-02-04
modified	2015-04-02
platform	php
port	80
published	2015-04-02
reporter	ITAS Team
source	https://www.exploit-db.com/download/36614/
title	WordPress Simple Ads Manager 2.5.94 - Arbitrary File Upload
type	webapps

Packetstorm

data source	https://packetstormsecurity.com/files/download/131282/wpsam-upload.txt
id	PACKETSTORM:131282
last seen	2016-12-05
published	2015-04-03
reporter	Tien Tran Dinh
source	https://packetstormsecurity.com/files/131282/WordPress-Simple-Ads-Manager-2.5.94-File-Upload.html
title	WordPress Simple Ads Manager 2.5.94 File Upload

Summary

Vulnerable Configurations

D2sec

Exploit-Db

Packetstorm

References