CVE-2024-6469

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-6469
A vulnerability was found in playSMS 1.4.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?app=main&inc=feature_firewall&op=firewall_list of the component Template Handler. The manipulation of the argument IP address with the input {{`id`} leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-270277 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

3.3 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:L/Au:M/C:N/I:P/A:N

Exploitability : 6.4 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication MULTIPLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
https://vuldb.com/?ctiid.270277 Permissions Required VDB Entry
https://vuldb.com/?id.270277 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?submit.363730 Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:playsms:playsms:1.4.3:*:*:*:*:*:*:*
History

05 Jul 2024, 17:09

Type Values Removed Values Added
CPE cpe:2.3:a:playsms:playsms:1.4.3:*:*:*:*:*:*:*
First Time Playsms
Playsms playsms
CVSS v2 : 3.3
v3 : 2.7 		v2 : 3.3
v3 : 8.8
References () https://vuldb.com/?ctiid.270277 - () https://vuldb.com/?ctiid.270277 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.270277 - () https://vuldb.com/?id.270277 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.363730 - () https://vuldb.com/?submit.363730 - Exploit, Third Party Advisory, VDB Entry
Summary
  • (es) Se encontró una vulnerabilidad en playSMS 1.4.3. Ha sido declarada problemática. Una función desconocida del archivo /index.php?app=main&inc=feature_firewall&op=firewall_list del componente Template Handler es afectada por esta vulnerabilidad. La manipulación del argumento dirección IP con la entrada {{`id`} conduce a la inyección. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-270277. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.

03 Jul 2024, 11:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-03 11:15

Updated : 2024-07-05 17:09

NVD link : CVE-2024-6469

Mitre link : CVE-2024-6469

CVE.ORG link : CVE-2024-6469

JSON object : View

Products Affected

playsms

  • playsms
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024