playSMS <1.4.3 - Remote Code Execution

PlaySMS before version 1.4.3 is susceptible to remote code execution because it double processes a server-side template. id: CVE-2020-8644 info: name: playSMS 1.4.3 - Remote Code Execution author: dbrwsky severity: critical description: PlaySMS before version 1.4.3 is susceptible to remote code...

EUVD-2005-4427

Malware in sbrugna...

EUVD-2008-5851

Malware in sbrugna...

EUVD-2004-2255

Malware in sbrugna...

EUVD-2018-10117

Malware in sbrugna...

EUVD-2020-7146

Malware in sbrugna...

EUVD-2009-0112

Malware in sbrugna...

EUVD-2024-47562

Malicious code in bioql PyPI...

EUVD-2024-49452

Malicious code in bioql PyPI...

EUVD-2024-47375

Malicious code in bioql PyPI...

EUVD-2022-49812

Malicious code in bioql PyPI...

EUVD-2024-47563

Malicious code in bioql PyPI...

EUVD-2024-46995

Malicious code in bioql PyPI...

Malicious code in playsms (npm)

The package playsms was found to contain malicious code...

MAL-2025-29390 Malicious code in playsms (npm)

The package playsms was found to contain malicious code...

CVE-2024-6251

A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. Affected is an unknown function of the file /index.php?app=main=featurephonebook=phonebooklist of the component New Phonebook Handler. The manipulation of the argument name/email leads to basic cross site scripting...

CVE-2024-6470

A vulnerability was found in playSMS 1.4.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php?app=main=featureinboxgroup=list of the component Template Handler. The manipulation of the argument Receiver Number with the input id leads to...

CVE-2024-5851

A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main=featureschedule=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It is...

CVE-2024-6469

A vulnerability was found in playSMS 1.4.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?app=main=featurefirewall=firewalllist of the component Template Handler. The manipulation of the argument IP address with the input id...

CVE-2024-8880

A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Affected is an unknown function of the file /playsms/index.php?app=main=coreauth=forgot=forgot of the component Template Handler. The manipulation of the argument username/email/captcha leads to code...