Vulnerabilities > Playsms > Playsms > 1.4.2

DATE CVE VULNERABILITY TITLE RISK
2023-02-13 CVE-2022-47034 Incorrect Comparison vulnerability in Playsms
A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication.
network
low complexity
playsms CWE-697
critical
 9.8
9.8
2021-09-10 CVE-2021-40373 Code Injection vulnerability in Playsms
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.
network
low complexity
playsms CWE-94
critical
 9.8
9.8
2020-06-24 CVE-2020-15018 Session Fixation vulnerability in Playsms
playSMS through 1.4.3 is vulnerable to session fixation.
network
low complexity
playsms CWE-384
6.5
6.5
2020-02-05 CVE-2020-8644 Code Injection vulnerability in Playsms
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
network
low complexity
playsms CWE-94
critical
 9.8
9.8