HTTP: Wordpress Simple Ads Manager SQL Injection

This signature detects an attempt to exploit a known SQL injection vulnerability in the Simple Ads Manager plugin for WordPress. Successful exploitation could lead to disclosure of sensitive information and allow the attacker to launch further attacks.

Extended Description

Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in a load_posts action to sam-ajax-admin.php; the (3) searchTerm parameter in a load_combo_data action to sam-ajax-admin.php; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action to sam-ajax-admin.php.

Affected Products

Simple_ads_manager_project simple_ads_manager

Short Name
HTTP:SQL:INJ:SIMPLE-ADS-MNGR
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Ads CVE-2015-2824 Injection Manager SQL Simple Wordpress
Release Date
07/27/2017
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Simple_ads_manager_project

CVSS Score

7.5
