CVE-2009-0103

Name of the Vulnerable Software and Affected Versions playSMS version 0.9.3

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the following parameters: apps path[plug] to "plugin/gateway/gnokii/init.php", apps path[themes] to "plugin/themes/default/init.php", and apps path[libs] to "lib/function.php".

Recommendations For playSMS version 0.9.3, consider restricting access to the apps path[plug], apps path[themes], and apps path[libs] parameters in the respective PHP files until a patch is available. Avoid using these parameters in the affected API endpoints until the issue is resolved.