CVE-2017-9101

import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt