Lucene search

[email protected]CVE-2015-2825

HistoryApr 21, 2015 - 3:59 p.m.

CVE-2015-2825

2015-04-2115:59:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2015-2825

file upload vulnerability

simple ads manager

wordpress

remote code execution

nvd

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.696 Medium

EPSS

Percentile

98.0%

JSON

Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the path parameter.

CPENameOperatorVersion
simple_ads_manager_project:simple_ads_managersimple ads manager project simple ads managerle2.5.94

CPE	Name	Operator	Version
simple_ads_manager_project:simple_ads_manager	simple ads manager project simple ads manager	le	2.5.94

References

packetstormsecurity.com/files/131282/WordPress-Simple-Ads-Manager-2.5.94-File-Upload.html

seclists.org/fulldisclosure/2015/Apr/8

www.itas.vn/news/ITAS-Team-found-out-multiple-critical-vulnerabilities-in-Hakin9-IT-Security-Magazine-78.html

wordpress.org/plugins/simple-ads-manager/changelog/

www.exploit-db.com/exploits/36614/

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.696 Medium

EPSS

Percentile

98.0%

JSON

Related for CVE-2015-2825

patchstack1 dsquare1 securityvulns2 exploitpack1 openvas1 packetstorm1 zdt1 checkpoint_advisories2 prion1 exploitdb1 wpvulndb1