Published: 05/02/2020 Updated: 12/07/2022

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

PlaySMS prior to 1.4.3 does not sanitize inputs from a malicious string.

Vulnerable Product	Search on Vulmon	Subscribe to Product
playsms playsms

This Metasploit module exploits a preauth Server-Side Template Injection vulnerability that leads to remote code execution in PlaySMS before version 143 This issue is caused by double processing a server-side template with a custom PHP template system called TPL which is used in the PlaySMS template engine at src/Playsms/Tplphp:_compile() The ...

Python script to exploit PlaySMS before 1.4.3

CVE-2020-8644-PlaySMS-14 Python script to exploit PlaySMS before 143 Execution Open a port on your machine: And the execute exploitpy: /exploitpy <target-ip> <target-port> <your-ip> <your-open-port> Changing the exploit Tou may want to change the reverse shell created by expl

CWE-94 https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704 https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.html https://nvd.nist.gov https://github.com/H3rm1tR3b0rn/CVE-2020-8644-PlaySMS-1.4 https://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.html

CVE-2020-8644

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect