Exploit for #VU26575 Code Injection in PlaySMS

Published: 2020-04-03 | Updated: 2023-07-26

Vulnerability identifier: #VU26575

Vulnerability risk: High

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2020-8644

CWE-ID: CWE-94

Exploitation vector: Network

Exploits in database: 6

July 26, 2023
- CVE-2020-8644-PlaySMS-1.4-rlvpp (Python script to exploit PlaySMS before 1.4.3) [Github]
- CVE-2020-8644-PlaySMS-1.4 (Python script to exploit PlaySMS before 1.4.3) [Github]
June 17, 2021
- PlaySMS 1.4.3 - Template Injection / Remote Code Execution [Exploit-DB]
- PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit) [Exploit-DB]
December 18, 2020
- CVE-2020-8644 () [Github]
April 3, 2020
- PlaySMS index.php Unauthenticated Template Injection Code Execution [Metasploit]

Vulnerable software:
PlaySMS
Mobile applications / Apps for mobile phones

Vendor: playsms.sourceforge.net