{"id":"CVE-2021-40373","details":"playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.","modified":"2026-05-18T20:49:59.998588Z","published":"2021-09-10T14:15:12.637Z","references":[{"type":"ADVISORY","url":"https://playsms.org/2021/09/04/playsms-1-4-5-released/"},{"type":"EVIDENCE","url":"https://github.com/maikroservice/CVE-2021-40373"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/playsms/playsms","events":[{"introduced":"0"},{"fixed":"9a02e78637214c3f68a4e8fdb1a0144646ebe9b6"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"1.4.5"}],"cpe":"cpe:2.3:a:playsms:playsms:*:*:*:*:*:*:*:*"}}],"versions":["1.4.3","1.4.2","1.4.1","1.4","1.4-beta3","1.4-beta2","1.4-beta1","1.3.1","1.3","1.2","1.1","1.0","1.0-rc9","1.0-rc8","1.0-rc6","1.0-rc5","1.0-rc4","1.0-rc3","1.0-rc2","1.0-rc1","1.0-beta5","1.0-beta4","1.0-beta2","1.0-beta1","0.9.9.2","0.9.9.2-rc","0.9.9.2-beta6","0.9.9.2-beta5","0.9.9.2-beta4","0.9.9.2-beta3","0.9.9.2-beta2","0.9.9.2-beta1","0.9.9.1","0.9.9.1-beta3","0.9.9.1-beta2","0.9.9.1-beta1","0.9.9","0.9.9-beta3","0.9.9-beta2","0.9.9-beta1","0.9.8","0.9.8-beta2","0.9.8-beta1","0.9.7.1","0.9.7","0.9.7-beta2","0.9.7-beta1","0.9.6","0.9.5.3","0.9.5.2","0.9.5.1","0.9.5"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-40373.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}