Vulnerabilities (CVE)

Filtered by vendor Playsms Subscribe

Filtered by product Playsms

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-8644	1 Playsms	1 Playsms	2022-07-12	7.5 HIGH	9.8 CRITICAL
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
CVE-2021-40373	1 Playsms	1 Playsms	2021-09-21	7.5 HIGH	9.8 CRITICAL
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.
CVE-2017-9101	1 Playsms	1 Playsms	2018-05-11	7.5 HIGH	9.8 CRITICAL
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.