CVE-2015-2824

Simple Ads Manager < 2.7.97 - SQL Injection via Multiple Parameters

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2824. PoCs published by ITAS Team.

AI-analyzed exploit summary: This exploit demonstrates multiple SQL injection vulnerabilities in the WordPress plugin Simple Ads Manager (versions 2.5.94 and 2.5.96). The PoC includes detailed HTTP requests and vulnerable code snippets showing how user-controlled input is directly interpolated into SQL queries without proper sanitization.

Description

Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in a load_posts action to sam-ajax-admin.php; the (3) searchTerm parameter in a load_combo_data action to sam-ajax-admin.php; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action to sam-ajax-admin.php.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by ITAS Team · text · webapps · php
https://www.exploit-db.com/exploits/36613

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: WordPress plugin Simple Ads Manager 2.5.94 and 2.5.96
No auth needed
Prerequisites: Access to the target WordPress site with the vulnerable plugin installed
devstral-2 · analyzed Feb 16, 2026

References (10)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535168/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535165/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/73698
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/36613/
Patch, Vendor Advisory x_refsource_confirm
https://wordpress.org/plugins/simple-ads-manager/changelog/
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Apr/7
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Apr/6

Scores

EPSS: 0.0626
EPSS Percentile: 92.7%

Details

CWE: CWE-89
Status: published
Products (2):
simple_ads_manager_project/simple_ads_manager 2.5.94
simple_ads_manager_project/simple_ads_manager 2.5.96
Published: Apr 06, 2015
Tracked Since: Feb 18, 2026