EDB-48335
remotephpVERIFIED
PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit)
CVE-2020-8644
Metasploit4/16/2020
CVE-2020-8644
9.8CRITICALPlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
Опубликовано: 2/5/2020Обновлено: 11/7/2025
Известная эксплуатируемая уязвимость CISA
PlaySMS contains a server-side template injection vulnerability that allows for remote code execution.
Требуемое действие:
Apply updates per vendor instructions.
Срок:
2022-05-03
Описание
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
ИИ-АнализНа базе ИИ
Затронутые продукты
playsmsplaysms
Доступные эксплойты (1)
Ссылки
- http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704Broken LinkRelease NotesVendor Advisory
- https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/Vendor Advisory
- https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/Exploit
- http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704Broken LinkRelease NotesVendor Advisory
- https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/Vendor Advisory
- https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/Exploit
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8644US Government Resource