CVE-2017-9080
CVE-2017-9080
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 62.3%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
19 May 2017Published on NVD
21 May 2017Metasploit module available
08 May 2018Public PoC
Weaponization speed
353 daysto first PoC
1 daysto Metasploit module
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Plan a near-term fix — a public PoC already exists.
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.
Affected products
n/a · n/apublic PoCs found — 3
exploitdbwww.exploit-db.com/exploits/44599unverifiedcve_referencewww.exploit-db.com/exploits/42003/unverifiedcve_referencewww.exploit-db.com/exploits/44599/unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.