Skip to main content

Playsms CVE-2018-18387

HIGH
Inclusion of Functionality from Untrusted Control Sphere (CWE-829)
2018-10-29 cve@mitre.org
8.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 29, 2018 - 18:29 nvd
HIGH 8.8

DescriptionNVD

playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse.

AnalysisAI

playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-829. playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. Affected products include: Playsms Project Playsms. Version information: through 1.4.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-9101 CRITICAL POC
9.8 May 21

import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User

CVE-2017-9080 HIGH POC
8.8 May 19

PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. Rated high s

CVE-2020-8644 CRITICAL POC
9.8 Feb 05

PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. Rated critical severity (CVSS 9.8), this vulnerab

CVE-2021-40373 CRITICAL POC
9.8 Sep 10

playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_con

CVE-2020-15018 MEDIUM POC
6.5 Jun 24

playSMS through 1.4.3 is vulnerable to session fixation. Rated medium severity (CVSS 6.5), this vulnerability is remotel

CVE-2024-8880 MEDIUM POC
6.3 Sep 16

A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Rated medium severity (CVSS 6.

CVE-2024-6469 MEDIUM POC
5.1 Jul 03

A vulnerability was found in playSMS 1.4.3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable

CVE-2024-6470 MEDIUM
5.1 Jul 03

A vulnerability was found in playSMS 1.4.3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable

CVE-2024-6251 MEDIUM
5.1 Jun 22

A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. Rated medium severity (CVSS 5.1), this

Share

CVE-2018-18387 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy