PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPlaysms
APPPlaysms< 1.4.3
CISA KEV — szczegółyi
- Dostawcai
- PlaySMS
- Produkti
- PlaySMS
- Data dodania do KEVi
- 3 listopada 2021
- Termin remediation (USA)i
- 3 maja 2022(po terminie)
Zastosuj aktualizacje zgodnie z instrukcjami dostawcy.
▸ Pokaż oryginał (EN)
Apply updates per vendor instructions.
PlaySMS zawiera lukę server-side template injection pozwalającą na zdalne wykonanie kodu.
▸ Pokaż oryginał (EN)
PlaySMS contains a server-side template injection vulnerability that allows for remote code execution.
Powiązane podatności
A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to ...
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of cor...
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involvin...
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. se...
Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow remote attackers to include and execute ar...