Playsms
CVE-2018-18387
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse.
AnalysisAI
playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-829. playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. Affected products include: Playsms Project Playsms. Version information: through 1.4.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. Rated high s
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. Rated critical severity (CVSS 9.8), this vulnerab
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_con
playSMS through 1.4.3 is vulnerable to session fixation. Rated medium severity (CVSS 6.5), this vulnerability is remotel
A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Rated medium severity (CVSS 6.
A vulnerability was found in playSMS 1.4.3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable
A vulnerability was found in playSMS 1.4.3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable
A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. Rated medium severity (CVSS 5.1), this
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today