Vulnerabilities > Playsms

DATE CVE VULNERABILITY TITLE RISK
2024-09-16 CVE-2024-8880 Code Injection vulnerability in Playsms
A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7.
network
low complexity
playsms CWE-94
critical
9.8
2024-07-03 CVE-2024-6469 Injection vulnerability in Playsms 1.4.3
A vulnerability was found in playSMS 1.4.3.
network
low complexity
playsms CWE-74
8.8
2024-06-22 CVE-2024-6251 Cross-site Scripting vulnerability in Playsms 1.4.3
A vulnerability, which was classified as problematic, was found in playSMS 1.4.3.
network
low complexity
playsms CWE-79
6.1
2023-02-13 CVE-2022-47034 Incorrect Comparison vulnerability in Playsms
A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication.
network
low complexity
playsms CWE-697
critical
9.8
2021-09-10 CVE-2021-40373 Code Injection vulnerability in Playsms
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.
network
low complexity
playsms CWE-94
7.5
2020-06-24 CVE-2020-15018 Session Fixation vulnerability in Playsms
playSMS through 1.4.3 is vulnerable to session fixation.
network
low complexity
playsms CWE-384
6.4
2020-02-05 CVE-2020-8644 Code Injection vulnerability in Playsms
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
network
low complexity
playsms CWE-94
7.5
2017-05-21 CVE-2017-9101 Unrestricted Upload of File with Dangerous Type vulnerability in Playsms 1.4
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.
network
low complexity
playsms CWE-434
7.5
2017-05-19 CVE-2017-9080 Unrestricted Upload of File with Dangerous Type vulnerability in Playsms 1.4
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed.
network
low complexity
playsms CWE-434
6.5
2009-01-09 CVE-2009-0103 Code Injection vulnerability in Playsms 0.9.3
Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, and the (3) apps_path[libs] parameter to lib/function.php.
network
low complexity
playsms CWE-94
7.5