PlaySMS 1.4 Code Execution in sendfromfile.php
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection. Unrestricted File Upload: Any registered user can upload any file because of not proper Validation of file in sendfromfile. Code Execution using $filename Now We […]