Darks3Curity

**Name of the Vulnerable Software and Affected Versions** PlaySMS version 1.4 **Description** The issue allows remote code execution due to the execution of PHP code in the name of an uploaded .php file. This is caused by a combination of Unrestricted File Upload and Code Injection in the sendfromfile.php file. **Recommendations** For PlaySMS version 1.4, consider restricting the upload of .php files and validating the file types and contents to prevent code injection. As a temporary workaround, restrict access to the sendfromfile.php file to minimize the risk of exploitation.