CVE-2004-2263
CVE-2004-2263 is a high-severity vulnerability in Playsms with a CVSS 2.0 base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 2.0 base score 7.5)
- EPSS exploit prediction: 1% (68th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Playsms
- Published:
- Last modified:
Description
SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie.
Frequently asked questions
- What is CVE-2004-2263?
- SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie.
- How severe is CVE-2004-2263?
- CVE-2004-2263 has a CVSS 2.0 base score of 7.5, rated high severity.
- Is CVE-2004-2263 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (68th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2004-2263?
- CVE-2004-2263 primarily affects Playsms. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2004-2263?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2004-2263 published?
- CVE-2004-2263 was published on 2004-12-31 and last updated on 2026-06-16.
References
- http://securitytracker.com/id?1010984
- http://sourceforge.net/project/shownotes.php?release_id=254915
- http://www.osvdb.org/8984
- http://www.securiteam.com/unixfocus/5UP0F2ADPS.html
- http://www.securityfocus.com/bid/10970
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17031
Affected products (2)
- cpe:2.3:a:playsms:playsms:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:playsms:playsms:0.7:*:*:*:*:*:*:*
More vulnerabilities in Playsms
- CVE-2022-47034 — Critical (CVSS 9.8): A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass…
- CVE-2021-40373 — Critical (CVSS 9.8): playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of…
- CVE-2020-8644 — Critical (CVSS 9.8): PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
- CVE-2017-9101 — Critical (CVSS 9.8): import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the…
- CVE-2017-9080 — High (CVSS 8.8): PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed.…
- CVE-2009-0103 — High (CVSS 7.5): Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP…