Summary
PlaySMS is a full-featured SMS gateway application that features sending of single or broadcast SMSes, the ability to receive and forward SMSes, an SMS board, an SMS polling system, SMS customs for handling incoming SMSes and forwarding them to custom applications, and SMS commands for saving/retrieving information to/from a server and executing server-side shell scripts.
An SQL Injection vulnerability in the product allows remote attackers to inject arbitrary SQL statements via the cookie mechanism used by the product.
Solution
Upgrade to version 0.7.1 or later.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2004-2263 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
- Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
- Apple Safari RSS Feed Information Disclosure Vulnerability
- Atutor AChecker Multiple SQL Injection and XSS Vulnerabilities
- 4Images <= 1.7.1 Directory Traversal Vulnerability