Main
Vulnerability Database
Exploits
ID:1762 - Exploit for PHP code injection in PlaySMS - CVE-2017-9080
ID:1762 - Exploit for PHP code injection in PlaySMS - CVE-2017-9080
Published: March 18, 2020
Vulnerability identifier: #VU6700
Vulnerability risk: Medium
CVE-ID: CVE-2017-9080
CWE-ID: CWE-94
Exploitation vector: Remote access
Vulnerable software:
PlaySMS
PlaySMS
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to execute arbitrary PHP code on the target system.
The weakness exists due to improper validation of user-supplied input passed via uploaded .csv file to sendfromfile.php. A remote attacker can upload a specially crafted file and execute PHP code contained in its name.
The weakness exists due to improper validation of user-supplied input passed via uploaded .csv file to sendfromfile.php. A remote attacker can upload a specially crafted file and execute PHP code contained in its name.
Remediation
Install update from vendor's website.