Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) gateway_module parameter to plugin/gateway/gnokii/init.php and the (2) themes_module parameter to plugin/themes/default/init.php.
oryginał ENAV:N/AC:L/Au:N/C:P/I:P/A:PPlaysms
APPPlaysms0.9.3
Powiązane podatności
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to ...
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of cor...
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involvin...
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. se...