EDB-48335
remotephpVERIFIED
PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit)
CVE-2020-8644
Metasploit4/16/2020
CVE-2020-8644
9.8CRITICALPlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
Publicado: 2/5/2020Atualizado: 11/7/2025
Vulnerabilidade Explorada Conhecida (CISA)
PlaySMS contains a server-side template injection vulnerability that allows for remote code execution.
Ação Necessária:
Apply updates per vendor instructions.
Prazo:
2022-05-03
Descrição
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
Análise IADesenvolvido por IA
Produtos Afetados
playsmsplaysms
Exploits Disponíveis (1)
Referências
- http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704Broken LinkRelease NotesVendor Advisory
- https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/Vendor Advisory
- https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/Exploit
- http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704Broken LinkRelease NotesVendor Advisory
- https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/Vendor Advisory
- https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/Exploit
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8644US Government Resource