PlaySMS 1.4 - import.php Authenticated CSV File Upload Code Execution Exploit

This Metasploit module exploits an authenticated file upload remote code execution vulnerability in PlaySMS version 1.4. This issue is caused by improper file contents handling in import.php aka the Phonebook import feature. Authenticated Users can upload a CSV file containing a malicious payload...

PlaySMS - 'import.php' (Authenticated) CSV File Upload Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PlaySMS import.php Authenticated CSV File Upload Code Execution', 'Description' = %q This module exploits an authenticated file upload remote cod...

PlaySMS import.php Authenticated CSV File Upload Code Execution

This module exploits an authenticated file upload remote code excution vulnerability in PlaySMS Version 1.4. This issue is caused by improper file contents handling in import.php aka the Phonebook import feature. Authenticated Users can upload a CSV file containing a malicious payload via vectors...

CVE-2017-9101

import.php aka the Phonebook import feature in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file...

CVE-2017-9101

creationtimestamp| type| source ---|---|--- 2017-05-21 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/42044 2018-05-08 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/44598 2018-05-29 15:50:33+00:00| seen|...