CyberSec.Space Logo
返回 CVE 浏览器

CVE-2017-9080

HIGH
8.8
CVSS Severity Score
EPSS Score0.0560%
EPSS Percentile8.77th
Published2017年5月19日
Last Modified2026年5月13日

Vulnerability Description

PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.

Affected Platforms (CPE)

📦
Playsms

Playsms

= 1.4

References & Advisories

🔗 http://touhidshaikh.com/blog/poc/playsms-v1-4-rce/
🔗 https://www.exploit-db.com/exploits/42003/
🔗 https://www.exploit-db.com/exploits/44599/
🔗 http://touhidshaikh.com/blog/poc/playsms-v1-4-rce/
🔗 https://www.exploit-db.com/exploits/42003/
🔗 https://www.exploit-db.com/exploits/44599/

相关漏洞威胁

CVE-2017-91019.8

import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTT...

CVE-2021-403739.8

playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and t...

CVE-2020-86449.8

PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.

CVE-2018-183878.8

playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse.