Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
playsms vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2004-2263
SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and previous versions allows remote malicious users to modify SQL statements via the vc2 cookie.
Playsms Playsms 0.6
Playsms Playsms 0.7
1 EDB exploit
570
VMScore
CVE-2020-15018
playSMS up to and including 1.4.3 is vulnerable to session fixation.
Playsms Playsms
NA
CVE-2022-47034
A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and previous versions allows malicious users to bypass authentication.
Playsms Playsms
668
VMScore
CVE-2021-40373
playSMS prior to 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.
Playsms Playsms
1 Github repository
668
VMScore
CVE-2020-8644
PlaySMS prior to 1.4.3 does not sanitize inputs from a malicious string.
Playsms Playsms
1 Github repository
435
VMScore
CVE-2005-4432
Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 allows remote malicious users to inject arbitrary web script or HTML via the err parameter.
Playsms Playsms 0.8
1 EDB exploit
655
VMScore
CVE-2017-9080
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.
Playsms Playsms 1.4
1 EDB exploit
760
VMScore
CVE-2017-9101
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.
Playsms Playsms 1.4
2 EDB exploits
801
VMScore
CVE-2018-18387
playSMS up to and including 1.4.2 allows Privilege Escalation through Daemon abuse.
Playsms Project Playsms
1 Github repository
755
VMScore
CVE-2009-0103
Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, ...
Playsms Playsms 0.9.3
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »