Attacker Value

Moderate

(1 user assessed)

Exploitability

Very High

(1 user assessed)

User Interaction

CVE-2020-8644

Disclosure Date: February 05, 2020 •

CVE-2020-8644 CVSS v3 Base Score: 9.8

Exploited in the Wild

Reported by gwillcox-r7
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Metasploit Module

PlaySMS index.php Unauthenticated Template Injection Code Execution

Description

PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.

Add Assessment

touhidshaikh (3)

March 12, 2020 4:40pm UTC (4 years ago)•Edited 3 years ago

Ratings

Attacker Value

Medium

Exploitability

Very High

Easy to weaponize Gives privileged access Unauthenticated

Technical Analysis

Description

This module exploits a Preauth Server-Side Template Injection leads remote code execution vulnerability in PlaySMS Before Version 1.4.3. This issue is caused by Double processes a server-side template by Custom PHP Template system called ‘TPL’.which is used in PlaySMS template engine location src/Playsms/Tpl.php:_compile(). When Attacker supply username with a malicious payload and submit. This malicious payload first processes by TPL and save the value in the current template after this value goes for the second process which result in code execution.
The TPL(https://github.com/antonraharja/tpl) template language is vulnerable to PHP code injection

Vulnerable Application

Available at Source Forge

Metasploit Exploit (Written By Me)

Available at Github PR

Exploit Video PoC

Available at Youtube Video

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

playsms

Products

playsms

Metasploit Modules

PlaySMS index.php Unauthenticated Template Injection Code Execution (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/playsms_template_injection.rb)

Exploited in the Wild

Reported by:

gwillcox-r7 indicated source as Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

Reported: November 03, 2021 4:48pm UTC (2 years ago)

References

Canonical

CVE-2020-8644 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8644)

Miscellaneous

https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released

https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704

https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644

http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.html

Rapid7

Moderate

CVE-2020-8644

Moderate

Very High

None

None

Network

CVE-2020-8644

Description

Add Assessment

Ratings

Technical Analysis

Description

Vulnerable Application

Metasploit Exploit (Written By Me)

Exploit Video PoC

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

Exploited in the Wild

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Moderate

CVE-2020-8644

Moderate

Very High

None

None

Network

CVE-2020-8644

Description

Add Assessment

Ratings

Technical Analysis

Description

Vulnerable Application

Metasploit Exploit (Written By Me)

Exploit Video PoC

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

Exploited in the Wild

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification