CVE-2020-8644

Name of the Vulnerable Software and Affected Versions PlaySMS versions prior to 1.4.3

Description The issue is related to insufficient sanitization of special elements in a string, which can be exploited by a remote attacker to execute arbitrary code. This is a server-side template injection vulnerability in the PlaySMS web interface for SMS gateways and SMS services.

Recommendations For PlaySMS versions prior to 1.4.3, update to version 1.4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the compile() function in src/Playsms/Tpl.php until a patch is available. Avoid using unsanitized inputs from malicious strings in the affected API endpoints until the issue is resolved.