Touhid M. Shaikh

**Name of the Vulnerable Software and Affected Versions** PlaySMS version 1.4 **Description** The issue allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file, specifically in the import.php feature, also known as the Phonebook import feature. **Recommendations** For PlaySMS version 1.4, consider disabling the import.php feature, specifically the Phonebook import functionality, until a patch is available to prevent potential remote code execution. Restrict access to the import.php file to minimize the risk of exploitation. Avoid using the User-Agent HTTP header with malicious PHP code in the file name to prevent remote code execution.