Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
playsms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2004-2263
SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and previous versions allows remote malicious users to modify SQL statements via the vc2 cookie.
Playsms Playsms 0.6
Playsms Playsms 0.7
1 EDB exploit
7.5
CVSSv2
CVE-2020-8644
PlaySMS prior to 1.4.3 does not sanitize inputs from a malicious string.
Playsms Playsms
1 Github repository
7.5
CVSSv2
CVE-2021-40373
playSMS prior to 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.
Playsms Playsms
1 Github repository
NA
CVE-2022-47034
A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and previous versions allows malicious users to bypass authentication.
Playsms Playsms
6.4
CVSSv2
CVE-2020-15018
playSMS up to and including 1.4.3 is vulnerable to session fixation.
Playsms Playsms
7.5
CVSSv2
CVE-2009-0103
Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, ...
Playsms Playsms 0.9.3
1 EDB exploit
7.5
CVSSv2
CVE-2017-9101
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.
Playsms Playsms 1.4
2 EDB exploits
6.5
CVSSv2
CVE-2017-9080
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.
Playsms Playsms 1.4
1 EDB exploit
7.5
CVSSv2
CVE-2008-5881
Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow remote malicious users to include and execute arbitrary local files via directory traversal sequences in the (1) gateway_module parameter to plugin/gateway/gnokii/init.php and the (2) themes_module parameter to p...
Playsms Playsms 0.9.3
1 EDB exploit
9
CVSSv2
CVE-2018-18387
playSMS up to and including 1.4.2 allows Privilege Escalation through Daemon abuse.
Playsms Project Playsms
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »