HIGH🇬🇧 English

CVE-2008-5881

CVSS 7.5v2.0pub. 2009-01-09upd. 2026-04-23

Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) gateway_module parameter to plugin/gateway/gnokii/init.php and the (2) themes_module parameter to plugin/themes/default/init.php.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Playsms

    APP
    Playsms
    0.9.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2020-8644CRITICAL9.8⚠ KEVten sam produkt

PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.

CVE-2022-47034CRITICAL9.8ten sam produkt

A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to ...

CVE-2021-40373CRITICAL9.8ten sam produkt

playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of cor...

CVE-2017-9101CRITICAL9.8ten sam produkt

import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involvin...

CVE-2017-9080HIGH8.8ten sam produkt

PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. se...