EDB-48335
remotephpVERIFIED
PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit)
CVE-2020-8644
Metasploit4/16/2020
CISA已知被利用漏洞
PlaySMS contains a server-side template injection vulnerability that allows for remote code execution.
所需操作:
Apply updates per vendor instructions.
截止日期:
2022-05-03
描述
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
AI分析AI驱动
受影响产品
playsmsplaysms
可用漏洞利用 (1)
参考资料
- http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704Broken LinkRelease NotesVendor Advisory
- https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/Vendor Advisory
- https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/Exploit
- http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704Broken LinkRelease NotesVendor Advisory
- https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/Vendor Advisory
- https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/Exploit
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8644US Government Resource