CVE-2021-40373

Beschreibung:
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.

CWE: CWE-502

CVSS-Bewertung
CVSS 2: – (Version: )
CVSS 3: HIGH – 8.4 (Version: 3.1)

Links:

NVD – CVE-2021-40373
CVE – CVE-2021-40373

Link (max. 20) Quelle Tags
https://github.com/maikroservice/CVE-2021-40373 MISC
https://playsms.org/2021/09/04/playsms-1-4-5-released/ CONFIRM
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993746 CONFIRM
https://gitlab.com/mailman/postorius/-/issues/531 MISC
https://phabricator.wikimedia.org/T289798 MISC
DSA-4970 DEBIAN

Quelle: NVD – CVE-2021-40373
Datum Veröffentlichung: 2021-09-10T14:15Z, Datum letzte Änderung: 2021-09-10T14:41Z