Vulnerabilities > Playsms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-16 | CVE-2024-8880 | Code Injection vulnerability in Playsms A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. | 9.8 |
2024-07-03 | CVE-2024-6469 | Unspecified vulnerability in Playsms 1.4.3 A vulnerability was found in playSMS 1.4.3. | 8.8 |
2024-06-22 | CVE-2024-6251 | Cross-site Scripting vulnerability in Playsms 1.4.3 A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. | 6.1 |
2023-02-13 | CVE-2022-47034 | Incorrect Comparison vulnerability in Playsms A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication. | 9.8 |
2021-09-10 | CVE-2021-40373 | Code Injection vulnerability in Playsms playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI. | 9.8 |
2020-06-24 | CVE-2020-15018 | Session Fixation vulnerability in Playsms playSMS through 1.4.3 is vulnerable to session fixation. | 6.5 |
2020-02-05 | CVE-2020-8644 | Code Injection vulnerability in Playsms PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. | 9.8 |
2017-05-21 | CVE-2017-9101 | Unrestricted Upload of File with Dangerous Type vulnerability in Playsms 1.4 import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file. | 9.8 |
2017-05-19 | CVE-2017-9080 | Unrestricted Upload of File with Dangerous Type vulnerability in Playsms 1.4 PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. | 8.8 |