Lucene search

Playsms Security Vulnerabilities

cve

CVE-2024-6251

A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. Affected is an unknown function of the file /index.php?app=main&inc=feature_phonebook&op=phonebook_list of the component New Phonebook Handler. The manipulation of the argument name/email leads to basic cross site...

2.4CVSS

3.4AI Score

0.0004EPSS

2024-06-22 12:15 PM

cve

CVE-2024-5851

A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It....

3.5CVSS

4AI Score

0.0004EPSS

2024-06-11 06:15 PM

cve

CVE-2022-47034

A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass...

9.8CVSS

9.3AI Score

0.002EPSS

2023-02-13 10:15 PM

cve

CVE-2021-40373

playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome...

9.8CVSS

9.7AI Score

0.035EPSS

2021-09-10 02:15 PM

cve

CVE-2020-15018

playSMS through 1.4.3 is vulnerable to session...

6.5CVSS

6.4AI Score

0.001EPSS

2020-06-24 01:15 PM

cve

CVE-2020-8644

PlaySMS before 1.4.3 does not sanitize inputs from a malicious...

9.8CVSS

9.2AI Score

0.958EPSS

2020-02-05 10:15 PM

941

In Wild

cve

CVE-2018-18387

playSMS through 1.4.2 allows Privilege Escalation through Daemon...

8.8CVSS

8.7AI Score

0.001EPSS

2018-10-29 06:29 PM

cve

CVE-2017-9101

import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a...

9.8CVSS

9.6AI Score

0.887EPSS

2017-05-21 06:29 PM

cve

CVE-2017-9080

PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code...

8.8CVSS

9AI Score

0.889EPSS

2017-05-19 03:29 PM

cve

CVE-2009-0103

Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, and the (3)...

7.9AI Score

0.008EPSS

2009-01-09 06:30 PM

cve

CVE-2008-5881

Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) gateway_module parameter to plugin/gateway/gnokii/init.php and the (2) themes_module parameter to...

7.5AI Score

0.004EPSS

2009-01-09 06:30 PM

cve

CVE-2005-4432

Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 allows remote attackers to inject arbitrary web script or HTML via the err...

6AI Score

0.006EPSS

2005-12-21 12:03 AM

cve

CVE-2004-2263

SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2...

7.6AI Score

0.007EPSS

2005-07-19 04:00 AM