Skip to main content

Playsms

10 CVEs product

Monthly

CVE-2024-8880 MEDIUM POC This Month

A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Playsms
NVD VulDB
CVSS 4.0
6.3
EPSS
0.7%
CVE-2024-6470 MEDIUM This Month

A vulnerability was found in playSMS 1.4.3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Playsms
NVD VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-6469 MEDIUM POC This Month

A vulnerability was found in playSMS 1.4.3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Playsms
NVD VulDB
CVSS 4.0
5.1
EPSS
0.7%
CVE-2024-6251 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Playsms
NVD VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2021-40373 CRITICAL POC Act Now

playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Playsms
NVD GitHub
CVSS 3.1
9.8
EPSS
4.7%
CVE-2020-15018 MEDIUM POC This Month

playSMS through 1.4.3 is vulnerable to session fixation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Playsms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-8644 CRITICAL POC KEV THREAT Emergency

PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Playsms
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
86.7%
CVE-2018-18387 HIGH This Week

playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Playsms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2017-9101 CRITICAL POC THREAT Emergency

import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.0%.

RCE PHP File Upload Playsms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
80.0%
Threat
5.9
CVE-2017-9080 HIGH POC THREAT Act Now

PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.5%.

RCE PHP File Upload Playsms
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
73.5%
Threat
5.5
EPSS 1% CVSS 6.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection PHP RCE +1
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

A vulnerability was found in playSMS 1.4.3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Playsms
NVD VulDB
EPSS 1% CVSS 5.1
MEDIUM POC This Month

A vulnerability was found in playSMS 1.4.3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Playsms
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Playsms
NVD VulDB
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

playSMS through 1.4.3 is vulnerable to session fixation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Playsms
NVD GitHub
EPSS 87% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Playsms
NVD Exploit-DB
EPSS 2% CVSS 8.8
HIGH This Week

playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Playsms
NVD GitHub
EPSS 80% 5.9 CVSS 9.8
CRITICAL POC THREAT Emergency

import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.0%.

RCE PHP File Upload +1
NVD Exploit-DB
EPSS 73% 5.5 CVSS 8.8
HIGH POC THREAT Act Now

PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.5%.

RCE PHP File Upload +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy