6 matches found
playSMS <1.4.3 - Remote Code Execution
PlaySMS before version 1.4.3 is susceptible to remote code execution because it double processes a server-side template. id: CVE-2020-8644 info: name: playSMS 1.4.3 - Remote Code Execution author: dbrwsky severity: critical description: PlaySMS before version 1.4.3 is susceptible to remote code...
PlaySMS < 1.4.3 RCE (CVE-2020-8644)
Binary data playsmscve-2020-8644.nbin...
PlaySMS index.php Remote Code Execution (CVE-2020-8644)
A remote code execution vulnerability exists in PlaySMS. Successful exploitation could allow a remote attacker to execute arbitrary code on the affected system...
PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PlaySMS index.php Unauthenticated Template Injection Code Execution', 'Description' = %q This module exploits a preauth Server-Side Template...
CVE-2020-8644
creationtimestamp| type| source ---|---|--- 2020-04-03 14:31:14+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/playsmstemplateinjection.rb 2020-04-16 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/48335 2021-11-08 08:58:19+00:00...
CVE-2020-8644
CVE-2020-8644 affects PlaySMS pre-1.4.3, where a server-side template injection leads to remote code execution. The root cause is double processing of a server-side template (TPL) in the PlaySMS template engine, enabling arbitrary code execution via unauthenticated input. Affected version: before...