Remote Code Execution in PlaySMS 1.4 via Unrestricted File Upload and Code Injection in sendfromfile.php

Remote Code Execution in PlaySMS 1.4 via Unrestricted File Upload and Code Injection in sendfromfile.php

CVE-2017-9080 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.

Learn more about our Web Application Penetration Testing UK.