{"id":"CVE-2024-6469","details":"A vulnerability was found in playSMS 1.4.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?app=main&inc=feature_firewall&op=firewall_list of the component Template Handler. The manipulation of the argument IP address with the input {{`id`} leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-270277 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.","modified":"2026-03-15T14:51:48.537657Z","published":"2024-07-03T11:15:04.870Z","references":[{"type":"REPORT","url":"https://vuldb.com/?ctiid.270277"},{"type":"REPORT","url":"https://vuldb.com/?id.270277"},{"type":"EVIDENCE","url":"https://vuldb.com/?submit.363730"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/playsms/playsms","events":[{"introduced":"0"},{"last_affected":"2182f6dbdac66d007762c0c22bf68ee0272f1eac"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.3"}]}}],"versions":["0.9.5","0.9.5.1","0.9.5.2","0.9.5.3","0.9.6","0.9.7","0.9.7-beta1","0.9.7-beta2","0.9.7.1","0.9.8","0.9.8-beta1","0.9.8-beta2","0.9.9","0.9.9-beta1","0.9.9-beta2","0.9.9-beta3","0.9.9.1","0.9.9.1-beta1","0.9.9.1-beta2","0.9.9.1-beta3","0.9.9.2","0.9.9.2-beta1","0.9.9.2-beta2","0.9.9.2-beta3","0.9.9.2-beta4","0.9.9.2-beta5","0.9.9.2-beta6","0.9.9.2-rc","1.0","1.0-beta1","1.0-beta2","1.0-beta3","1.0-beta4","1.0-beta5","1.0-rc1","1.0-rc2","1.0-rc3","1.0-rc4","1.0-rc5","1.0-rc6","1.0-rc7","1.0-rc8","1.0-rc9","1.1","1.2","1.2.1","1.3","1.3.1","1.4","1.4-beta1","1.4-beta2","1.4-beta3","1.4.1","1.4.2","1.4.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6469.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}