NVD

Id
24812  
Name
CVE-2015-2825  
Description
Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the path parameter.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2015-04-21  
Modified Date
2016-12-02  
Seq
2015-2825  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
131024 24812 CVE-2015-2825 http://packetstormsecurity.com/files/131282/WordPress-Simple-Ads-Manager-2.5.94-File-Upload.html  View
131025 24812 CVE-2015-2825 20150405 Wordpress plugin Simple Ads Manager - Arbitrary File Upload  View
131026 24812 CVE-2015-2825 http://www.itas.vn/news/ITAS-Team-found-out-multiple-critical-vulnerabilities-in-Hakin9-IT-Security-Magazine-78.html  View
131027 24812 CVE-2015-2825 https://wordpress.org/plugins/simple-ads-manager/changelog/  View
131028 24812 CVE-2015-2825 36614  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
7156 JVNDB-2015-002476 WordPress 用 Simple Ads Manager プラグインの sam-ajax-admin.php における任意のコードを実行される脆弱性 WordPress 用 Simple Ads Manager プラグインの sam-ajax-admin.php には、ファイルを無制限にアップロードされることにより、任意のコードを実行される脆弱性が存在します。 CVE-2015-2825 80050 CVE-2015-2825 24812 7.5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-002476.html 2015-04-02 2015-04-27 View