CVE-2015-2825

Name of the Vulnerable Software and Affected Versions Simple Ads Manager plugin versions prior to 2.5.96

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the sam-ajax-admin.php file, and then accessing it via a direct request to the file in the directory specified by the path parameter.

Recommendations For versions prior to 2.5.96, update to version 2.5.96 or later to resolve the issue. As a temporary workaround, consider restricting access to the sam-ajax-admin.php file to minimize the risk of exploitation. Avoid using the path parameter in the affected file until the issue is resolved.