Vulnerabilities > Playsms > Playsms > 1.4.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-13 | CVE-2022-47034 | Incorrect Comparison vulnerability in Playsms A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication. | 9.8 |
2021-09-10 | CVE-2021-40373 | Code Injection vulnerability in Playsms playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI. | 9.8 |
2020-06-24 | CVE-2020-15018 | Session Fixation vulnerability in Playsms playSMS through 1.4.3 is vulnerable to session fixation. | 6.5 |
2020-02-05 | CVE-2020-8644 | Code Injection vulnerability in Playsms PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. | 9.8 |