CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-40373

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1320%
EPSS Percentile7.25th
Published2021年9月10日
Last Modified2024年11月21日

Vulnerability Description

playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.

Affected Platforms (CPE)

📦
Playsms

Playsms

< 1.4.5

References & Advisories

🔗 https://github.com/maikroservice/CVE-2021-40373
🔗 https://playsms.org/2021/09/04/playsms-1-4-5-released/
🔗 https://github.com/maikroservice/CVE-2021-40373
🔗 https://playsms.org/2021/09/04/playsms-1-4-5-released/

相關漏洞威脅

CVE-2020-86449.8

PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.

CVE-2017-91019.8

import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTT...

CVE-2017-90808.8

PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a...

CVE-2018-183878.8

playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse.