Описание
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-8644
- https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704
- https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released
- https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8644
- http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.html
Связанные уязвимости
CVSS3: 9.8
nvd
около 6 лет назад
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.