Headline
CVE-2017-20095: Simple Ads Manager WordPress plugin unauthenticated PHP Object injection vulnerability
A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely.
Nmap Announce Nmap Dev Full Disclosure Security Lists Internet Issues Open Source Dev
Full Disclosure mailing list archives
From: Summer of Pwnage <lists () securify nl>
Date: Wed, 1 Mar 2017 07:04:52 +0100
------------------------------------------------------------------------ Simple Ads Manager WordPress plugin unauthenticated PHP Object injection vulnerability
Yorick Koster, July 2016
Abstract
A PHP Object injection vulnerability was found in the Simple Ads Manager WordPress plugin. The unauthenticated PHP Object injection vulnerability can be used by an unautenthicated user to instantiate arbitrary PHP Objects. This issue can potentially result in arbitrary code execution, but this has not been confirmed.
OVE ID
OVE-20160712-0041
Tested versions
This issue was succesfully tested on the Simple Ads Manager WordPress plugin version 2.9.8.125.
Fix
There is currently no fix available.
Details
https://sumofpwn.nl/advisory/2016/simple_ads_manager_wordpress_plugin_unauthenticated_php_object_injection_vulnerability.html
Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Simple Ads Manager WordPress plugin unauthenticated PHP Object injection vulnerability Summer of Pwnage (Feb 28)