CVE-2024-8880

CVSS 3.1 Score 5.6 of 10 (medium)

Details

Published Sep 16, 2024
Updated: Sep 20, 2024
CWE ID 94

Summary

CVE-2024-8880 is a critical vulnerability affecting playSMS versions 1.4.4 through 1.4.7, specifically within the Template Handler component in the file /playsms/index.php?app=main&inc=core_auth&route=forgot&op=forgot. The flaw allows for code injection through manipulation of the username/email/captcha arguments, which can be exploited remotely; however, the attack complexity is rated as high, making exploitation difficult. Organizations using affected versions are advised to upgrade to version 1.4.3 or later, as earlier fixes were inadvertently reintroduced in subsequent releases. While the vulnerability poses a medium severity risk with potential impacts on integrity and confidentiality, exploitability remains low due to the high complexity required for successful execution. The issue was disclosed publicly after early notification to project maintainers, emphasizing the importance of prompt remediation actions by users of playSMS software.
