Lucas Rosevear

Researcher from NCC Group
#25105 of 53,632
9.8 Total CVSS
Vulnerabilities · 1
PT-2020-6508
9.8
2020-02-05
Playsms · Playsms · CVE-2020-8644
**Name of the Vulnerable Software and Affected Versions**

PlaySMS versions prior to 1.4.3

**Description**

The issue is related to insufficient sanitization of special elements in a string, which can be exploited by a remote attacker to execute arbitrary code. This is a server-side template injection vulnerability in the PlaySMS web interface for SMS gateways and SMS services.

**Recommendations**

For PlaySMS versions prior to 1.4.3, update to version 1.4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `compile()` function in `src/Playsms/Tpl.php` until a patch is available. Avoid passing unsanitized input to the affected API endpoints until the issue is resolved.