EDB-48335
remotephpVERIFIED
PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit)
CVE-2020-8644
Metasploit4/16/2020
CVE-2020-8644
9.8CRITICALPlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
게시됨: 2/5/2020업데이트됨: 11/7/2025
CISA 알려진 악용 취약점
PlaySMS contains a server-side template injection vulnerability that allows for remote code execution.
필요한 조치:
Apply updates per vendor instructions.
마감일:
2022-05-03
설명
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
AI 분석AI 기반
영향받는 제품
playsmsplaysms
사용 가능한 익스플로잇 (1)
참조
- http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704Broken LinkRelease NotesVendor Advisory
- https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/Vendor Advisory
- https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/Exploit
- http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704Broken LinkRelease NotesVendor Advisory
- https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/Vendor Advisory
- https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/Exploit
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8644US Government Resource