{"id":"CVE-2021-40373","details":"playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.","modified":"2026-04-10T04:37:54.337318Z","published":"2021-09-10T14:15:12.637Z","references":[{"type":"ADVISORY","url":"https://playsms.org/2021/09/04/playsms-1-4-5-released/"},{"type":"EVIDENCE","url":"https://github.com/maikroservice/CVE-2021-40373"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/playsms/playsms","events":[{"introduced":"0"},{"fixed":"9a02e78637214c3f68a4e8fdb1a0144646ebe9b6"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.4.5"}]}}],"versions":["0.9.5","0.9.5.1","0.9.5.2","0.9.5.3","0.9.6","0.9.7","0.9.7-beta1","0.9.7-beta2","0.9.7.1","0.9.8","0.9.8-beta1","0.9.8-beta2","0.9.9","0.9.9-beta1","0.9.9-beta2","0.9.9-beta3","0.9.9.1","0.9.9.1-beta1","0.9.9.1-beta2","0.9.9.1-beta3","0.9.9.2","0.9.9.2-beta1","0.9.9.2-beta2","0.9.9.2-beta3","0.9.9.2-beta4","0.9.9.2-beta5","0.9.9.2-beta6","0.9.9.2-rc","1.0","1.0-beta1","1.0-beta2","1.0-beta4","1.0-beta5","1.0-rc1","1.0-rc2","1.0-rc3","1.0-rc4","1.0-rc5","1.0-rc6","1.0-rc8","1.0-rc9","1.1","1.2","1.3","1.3.1","1.4","1.4-beta1","1.4-beta2","1.4-beta3","1.4.1","1.4.2","1.4.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40373.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}