Attacker Value: Moderate (1 user assessed)
Exploitability: Very High (1 user assessed)
User Interaction: None
Privileges Required: None
Attack Vector: Network

CVE-2020-8644

Disclosure Date: February 05, 2020

Description

PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.


Ratings
  • Attacker Value: Medium
  • Exploitability: Very High
Technical Analysis

Description

This module exploits a pre-auth Server-Side Template Injection vulnerability leading to remote code execution in PlaySMS before version 1.4.3. This issue is caused by double processing of a server-side template by the custom PHP template system called ‘TPL’, which is used in the PlaySMS template engine at src/Playsms/Tpl.php:_compile(). When an attacker supplies a username with a malicious payload and submits it, this malicious payload is first processed by TPL and the value is saved in the current template; after this, the value goes through a second processing pass, which results in code execution.
The TPL (https://github.com/antonraharja/tpl) template language is vulnerable to PHP code injection.

Vulnerable Application

Available at Source Forge

Metasploit Exploit (Written By Me)

Available at GitHub PR

Exploit Video PoC

Available at YouTube Video

CVSS V3 Severity and Metrics
Base Score: 9.8 Critical
Impact Score: 5.9
Exploitability Score: 3.9
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High
