PlaySMS Cookie SQL Injection Network Vulnerability

Summary

PlaySMS is a full-featured SMS gateway application that features sending of single or broadcast SMSes, the ability to receive and forward SMSes, an SMS board, an SMS polling system, SMS customs for handling incoming SMSes and forwarding them to custom applications, and SMS commands for saving/retrieving information to/from a server and executing server-side shell scripts. An SQL Injection vulnerability in the product allows remote attackers to inject arbitrary SQL statements via the cookie mechanism used by the product.

Solution

Upgrade to version 0.7.1 or later.

References

http://sourceforge.net/project/shownotes.php?release_id=254915

Updated on 2015-03-25

Severity

Classification

CVE CVE-2004-2263

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Artmedic Kleinanzeigen File Inclusion Vulnerability
Adobe ColdFusion Multiple Vulnerabilities-02 May-2014
admin.cgi overflow
ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
AstroSPACES profile.php SQL Injection Vulnerability

Take action and discover your vulnerabilities