Remote Code Execution in PlaySMS 1.4 via Unrestricted File Upload and Code Injection in sendfromfile.php
CVE-2017-9080 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.
Learn more about our Web Application Penetration Testing UK.