CVE-2017-9080

This Metasploit module exploits an authenticated file upload vulnerability in PlaySMS 1.4, where improper handling of the filename field in sendfromfile.php allows code execution. The exploit uploads a malicious file with a PHP payload embedded in the filename, which is then executed via the User-Agent header.

The exploit describes an unrestricted file upload vulnerability in PlaySMS 1.4, where a user can upload a malicious PHP file with a crafted filename containing PHP code. The server processes the filename without proper validation, leading to potential code execution when the filename is displayed on the page.

This Metasploit module exploits a code injection vulnerability in PlaySMS v1.4 by uploading a file with a malicious filename, leading to remote code execution. It requires authentication and leverages CSRF tokens for session management.