Loading
Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, and the (3) apps_path[libs] parameter to lib/function.php.
Use CWE-94, Playsms vendor hub and Playsms product page to widen CVE-2009-0103 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2020-8644, CVE-2022-47034 and CVE-2021-40373 for nearby disclosures in the same product family.