Playsms: >> Playsms >> 1.4 Security Vulnerabilities
A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication.
CVSS Score
9.8
EPSS Score
0.0
Published
2023-02-13
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.
CVSS Score
9.8
EPSS Score
0.353
Published
2021-09-10
playSMS through 1.4.3 is vulnerable to session fixation.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-06-24
CVE-2020-8644
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
Known exploited
CVSS Score
9.8
EPSS Score
0.933
Published
2020-02-05
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.
CVSS Score
9.8
EPSS Score
0.798
Published
2017-05-21
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.
CVSS Score
8.8
EPSS Score
0.756
Published
2017-05-19