Vulnerabilities > Playsms > Playsms > 0.9.3

DATE CVE VULNERABILITY TITLE RISK
2009-01-09 CVE-2009-0103 Code Injection vulnerability in Playsms 0.9.3
Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, and the (3) apps_path[libs] parameter to lib/function.php.
network
low complexity
playsms CWE-94
7.5
7.5
2009-01-09 CVE-2008-5881 Path Traversal vulnerability in Playsms 0.9.3
Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) gateway_module parameter to plugin/gateway/gnokii/init.php and the (2) themes_module parameter to plugin/themes/default/init.php.
network
low complexity
playsms CWE-22
7.5
7.5