CVE-2017-9080

HIGH

PlaySMS 1.4 - Remote Code Execution

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2017-9080. PoCs published by Metasploit, Touhid M.Shaikh, including Metasploit module exploits/multi/http/playsms_filename_exec.

AI-analyzed exploit summary This Metasploit module exploits an authenticated file upload vulnerability in PlaySMS 1.4, where improper handling of the filename field in sendfromfile.php allows code execution. The exploit uploads a malicious file with a PHP payload embedded in the filename, which is then executed via the User-Agent header.

Description

PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotephp
https://www.exploit-db.com/exploits/44599

This Metasploit module exploits an authenticated file upload vulnerability in PlaySMS 1.4, where improper handling of the filename field in sendfromfile.php allows code execution. The exploit uploads a malicious file with a PHP payload embedded in the filename, which is then executed via the User-Agent header.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: PlaySMS 1.4
Auth required
Prerequisites: Valid credentials for PlaySMS · Access to the sendfromfile.php feature
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Touhid M.Shaikh · textwebappsphp
https://www.exploit-db.com/exploits/42003

The exploit describes an unrestricted file upload vulnerability in PlaySMS 1.4, where a user can upload a malicious PHP file with a crafted filename containing PHP code. The server processes the filename without proper validation, leading to potential code execution when the filename is displayed on the page.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: PlaySMS 1.4
Auth required
Prerequisites: Registered user account in PlaySMS · Access to the file upload feature
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/playsms_filename_exec.rb

This Metasploit module exploits a code injection vulnerability in PlaySMS v1.4 by uploading a file with a malicious filename, leading to remote code execution. It requires authentication and leverages CSRF tokens for session management.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: PlaySMS v1.4
Auth required
Prerequisites: Valid credentials for PlaySMS · Access to the file upload feature
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42003/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44599/
Broken Link, Third Party Advisory x_refsource_misc
http://touhidshaikh.com/blog/poc/playsms-v1-4-rce/

Scores

CVSS v3 8.8
EPSS 0.7345
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
playsms/playsms 1.4
Published May 19, 2017
Tracked Since Feb 18, 2026