← back
CVE-2017-9080

CVE-2017-9080

EPSS 62.3%
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 62.3%KEV nãoPoC públicaNuclei Metasploit simPatch
Lifecycle
19 May 2017Published on NVD
21 May 2017Metasploit module available
08 May 2018Public PoC
Weaponization speed
353 daysto first PoC
1 daysto Metasploit module
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Plan a near-term fix — a public PoC already exists.
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.