CVE-2015-2824

Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in a load_posts action to sam-ajax-admin.php; the (3) searchTerm parameter in a load_combo_data action to sam-ajax-admin.php; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action to sam-ajax-admin.php.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:simple_ads_manager_project:simple_ads_manager:2.5.94:*:*:*:*:wordpress:*:*
cpe:2.3:a:simple_ads_manager_project:simple_ads_manager:2.5.96:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2015-04-06 15:59

Updated : 2023-12-10 11:31


NVD link : CVE-2015-2824

Mitre link : CVE-2015-2824

CVE.ORG link : CVE-2015-2824


JSON object : View

Products Affected

simple_ads_manager_project

  • simple_ads_manager
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')