vulnerability
PlaySMS: CVE-2020-8644: Improper Control of Generation of Code
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Feb 5, 2020 | Aug 8, 2025 | Aug 8, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Feb 5, 2020
Added
Aug 8, 2025
Modified
Aug 8, 2025
Description
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
Solution
play-sms-upgrade-latest
References
- CVE-2020-8644
- https://attackerkb.com/topics/CVE-2020-8644
- URL-https://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.html
- URL-https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704
- URL-https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/
- URL-https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/
- CWE-94
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.