CVE-2015-2825
Published 2015-04-21
Priority: P2, 63, high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 14.45% (96.2th percentile)
Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the path parameter.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| simple_ads_manager_project | simple_ads_manager | <= 2.5.94 | — |
Detection & IOCs (extracted from sources)
- The 'path' POST parameter is user-controlled and used directly as the upload directory; monitor for POST requests to sam-ajax-admin.php that include a 'path' parameter alongside a file upload.
- Alert on direct HTTP GET/POST requests to newly uploaded files in the directory specified by the 'path' parameter under the WordPress plugins directory, particularly files with executable extensions.
- Flag multipart/form-data POST requests to sam-ajax-admin.php where the uploaded filename has a .php (or other executable) extension.
- The vulnerability exists in Simple Ads Manager versions before 2.5.96; ensure detection rules are scoped to environments running the affected plugin version (2.5.94 confirmed vulnerable).
- The upload destination is fully attacker-controlled via the unsanitized POST 'path' parameter, meaning uploaded webshells may appear in arbitrary directories, not just a fixed upload path.
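The first and third checks above can be run over captured request bodies (for example from a WAF or audit log). The following is an added example, not a rule from this page or from the plugin's authors; the form field name `file`, the extension list, the URI and the sample request are constructed assumptions.

```python
from email.parser import BytesParser
from email.policy import HTTP
from pathlib import PurePosixPath

ENDPOINT = "sam-ajax-admin.php"                    # file named in the advisory
EXEC_EXTS = {".php", ".phtml", ".php5", ".phar"}   # assumed list; match it to the server's handlers

# Constructed sample request body (not captured traffic).
SAMPLE_URI = "/wp-content/plugins/simple-ads-manager/sam-ajax-admin.php"  # assumed install path
SAMPLE_CT = "multipart/form-data; boundary=constructedboundary"
SAMPLE_BODY = (
    "--constructedboundary\r\n"
    'Content-Disposition: form-data; name="path"\r\n\r\n'
    "/var/www/html/wp-content/plugins/example-dir/\r\n"
    "--constructedboundary\r\n"
    'Content-Disposition: form-data; name="file"; filename="banner.php"\r\n'
    "Content-Type: application/octet-stream\r\n\r\n"
    "constructed placeholder content\r\n"
    "--constructedboundary--\r\n"
).encode()

def inspect_upload(method, uri, content_type, body):
    """Return findings for one captured request; an empty list means not flagged."""
    if method.upper() != "POST" or ENDPOINT not in uri.split("?", 1)[0]:
        return []
    if not content_type.lower().startswith("multipart/form-data"):
        return []
    # Re-attach the Content-Type header so the stdlib MIME parser can split the parts.
    msg = BytesParser(policy=HTTP).parsebytes(
        b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body)
    path_value, filenames = None, []
    for part in msg.iter_parts():
        name = part.get_param("name", header="content-disposition")
        filename = part.get_filename()
        if filename:
            filenames.append(filename)
        elif name == "path":
            path_value = part.get_content().strip()
    findings = []
    if path_value is not None and filenames:
        findings.append(f"upload with client-supplied path={path_value!r}")
    for fn in filenames:
        if PurePosixPath(fn.lower()).suffix in EXEC_EXTS:
            findings.append(f"executable extension in filename {fn!r}")
    return findings

if __name__ == "__main__":
    for finding in inspect_upload("POST", SAMPLE_URI, SAMPLE_CT, SAMPLE_BODY):
        print(finding)
```

Record the flagged `path` value with the alert: per the last item above, that is the directory in which to look for the uploaded file.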
- http://packetstormsecurity.com/files/131282/WordPress-Simple-Ads-Manager-2.5.94-File-Upload.html
- http://seclists.org/fulldisclosure/2015/Apr/8
- http://www.itas.vn/news/ITAS-Team-found-out-multiple-critical-vulnerabilities-in-Hakin9-IT-Security-Magazine-78.html
- https://wordpress.org/plugins/simple-ads-manager/changelog/
- https://www.exploit-db.com/exploits/36614/