CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-0103

Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, and the (3) apps_path[libs] parameter to lib/function.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.025

EPSS Ranking 84.8%

CVSS Severity

CVSS v2 Score 7.5

References

http://secunia.com/advisories/33386
http://securityreason.com/securityalert/4888
http://www.securityfocus.com/bid/33138
https://www.exploit-db.com/exploits/7687
http://secunia.com/advisories/33386
http://securityreason.com/securityalert/4888
http://www.securityfocus.com/bid/33138
https://www.exploit-db.com/exploits/7687

Products affected by CVE-2009-0103

Playsms » Playsms » Version: 0.9.3

cpe:2.3:a:playsms:playsms:0.9.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-0103

Products

Pricing

Contact Us