Vulnerabilities > Playsms > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-16 | CVE-2024-8880 | Code Injection vulnerability in Playsms A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. | 9.8 |
| 2023-02-13 | CVE-2022-47034 | Incorrect Comparison vulnerability in Playsms A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication. | 9.8 |
| 2021-09-10 | CVE-2021-40373 | Code Injection vulnerability in Playsms playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI. | 9.8 |
| 2020-02-05 | CVE-2020-8644 | Code Injection vulnerability in Playsms PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. | 9.8 |
| 2017-05-21 | CVE-2017-9101 | Unrestricted Upload of File with Dangerous Type vulnerability in Playsms 1.4 import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file. | 9.8 |