CVE-2021-40373 — CRITICAL (9.8)

Q: How severe is CVE-2021-40373?

CVE-2021-40373 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-40373?

Check the references section above for vendor advisories and patch information. Affected products include: Playsms Playsms.

Vulnerability Description

playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Playsms	Playsms	< 1.4.5

Related Weaknesses (CWE)

CWE-94

References

https://github.com/maikroservice/CVE-2021-40373ExploitThird Party Advisory
https://playsms.org/2021/09/04/playsms-1-4-5-released/Release NotesVendor Advisory
https://github.com/maikroservice/CVE-2021-40373ExploitThird Party Advisory
https://playsms.org/2021/09/04/playsms-1-4-5-released/Release NotesVendor Advisory

FAQ

What is CVE-2021-40373?

CVE-2021-40373 is a vulnerability with a CVSS score of 9.8 (CRITICAL). playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome UR...

How severe is CVE-2021-40373?

CVE-2021-40373 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-40373?

Check the references section above for vendor advisories and patch information. Affected products include: Playsms Playsms.