Vulnerabilities > CVE-2004-2263 - SQL Injection vulnerability in Anton Raharja PlaySMS Valid Function

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

playsms

exploit available

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie.

Vulnerable Configurations

Part	Description	Count
Application	Playsms Playsms Playsms 0.6 Playsms Playsms 0.7	2

Exploit-Db

description	PlaySMS. CVE-2004-2263. Remote exploit for linux platform
id	EDB-ID:404
last seen	2016-01-31
modified	2004-08-19
published	2004-08-19
reporter	Noam Rathaus
source	https://www.exploit-db.com/download/404/
title	PlaySMS <= 0.7 - SQL Injection Exploit

References

http://securitytracker.com/id?1010984
http://sourceforge.net/project/shownotes.php?release_id=254915
http://www.osvdb.org/8984
http://www.securiteam.com/unixfocus/5UP0F2ADPS.html
http://www.securityfocus.com/bid/10970
https://exchange.xforce.ibmcloud.com/vulnerabilities/17031