CVE-2017-9101

Name of the Vulnerable Software and Affected Versions PlaySMS version 1.4

Description The issue allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file, specifically in the import.php feature, also known as the Phonebook import feature.

Recommendations For PlaySMS version 1.4, consider disabling the import.php feature, specifically the Phonebook import functionality, until a patch is available to prevent potential remote code execution. Restrict access to the import.php file to minimize the risk of exploitation. Avoid using the User-Agent HTTP header with malicious PHP code in the file name to prevent remote code execution.