CVE-2024-6470

Name of the Vulnerable Software and Affected Versions playSMS version 1.4.3

Description A vulnerability was found in the Template Handler component of playSMS, affecting some unknown functionality of the file /index.php?app=main&inc=feature inboxgroup&op=list. The manipulation of the id argument leads to injection. This issue can be exploited remotely.

Recommendations For playSMS version 1.4.3, as a temporary workaround, consider restricting access to the /index.php?app=main&inc=feature inboxgroup&op=list endpoint to minimize the risk of exploitation. Avoid using the id argument in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.