ThreatPress

WordPress Vulnerabilities Database

WordPress Simple Ads Manager Plugin <= 2.5.95 - Unrestricted File Upload

Product
Simple Ads Manager
Description
This vulnerability exists in sam-ajax-admin.php and allows an attacker to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the "path" parameter.
Solution
Update the plugin.
Classification
Type: Remote File Inclusion
References
CVE Mitre
CVE
Name: CVE-2015-2825
Versions
Affected In: <= 2.5.95
Fixed In: 2.5.96
Disclosure date
2015-04-01