mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
757 B
757 B
CVE-2017-9080
Description
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.
POC
Reference
- http://touhidshaikh.com/blog/poc/playsms-v1-4-rce/
- https://www.exploit-db.com/exploits/42003/
- https://www.exploit-db.com/exploits/44599/