EDB-48335
remotephpVERIFIED
PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit)
CVE-2020-8644
Metasploit4/16/2020
CVE-2020-8644
9.8CRITICALPlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
Veröffentlicht: 2/5/2020Aktualisiert: 11/7/2025
CISA Bekannte Ausgenutzte Schwachstelle
PlaySMS contains a server-side template injection vulnerability that allows for remote code execution.
Erforderliche Maßnahme:
Apply updates per vendor instructions.
Fälligkeitsdatum:
2022-05-03
Beschreibung
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
KI-AnalyseKI-gestützt
Betroffene Produkte
playsmsplaysms
Verfügbare Exploits (1)
Referenzen
- http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704Broken LinkRelease NotesVendor Advisory
- https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/Vendor Advisory
- https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/Exploit
- http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704Broken LinkRelease NotesVendor Advisory
- https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/Vendor Advisory
- https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/Exploit
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8644US Government Resource