CVEブラウザに戻る

CVE-2017-9080

HIGH

8.8

CVSS Severity Score

EPSS Score0.0560%

EPSS Percentile8.77th

Published2017年5月19日

Last Modified2026年5月13日

Vulnerability Description

PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.

Affected Platforms (CPE)

📦

Playsms

Playsms

= 1.4

References & Advisories

🔗 http://touhidshaikh.com/blog/poc/playsms-v1-4-rce/

🔗 https://www.exploit-db.com/exploits/42003/

🔗 https://www.exploit-db.com/exploits/44599/

🔗 http://touhidshaikh.com/blog/poc/playsms-v1-4-rce/

🔗 https://www.exploit-db.com/exploits/42003/

🔗 https://www.exploit-db.com/exploits/44599/

関連する脆弱性情報

CVE-2017-91019.8

import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTT...

CVE-2021-403739.8

playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and t...

CVE-2020-86449.8

PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.

CVE-2018-183878.8

playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse.