ID CVE-2017-9080
Summary PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
exploit-db via4
author Touhid M.Shaikh
date 2017-05-14
description PlaySms 1.4 - Remote Code Execution
file platforms/php/webapps/42003.txt
id 42003
platform php
port 0
type webapps
refmap via4
misc http://touhidshaikh.com/blog/poc/playsms-v1-4-rce/
Last major update 19-05-2017 - 11:29
Published 19-05-2017 - 11:29
Last modified 19-05-2017 - 11:29
Back to Top