Full title: PlaySMS 1.4 - sendfromfile.php?Filename Authenticated Code Execution Exploit Category: remote exploits Platform: php This Metasploit module exploits a code injection vulnerability within an authenticated file upload feature in PlaySMS version 1.4. This issue is caused by improper file name handling in sendfromfile.php file. Authenticated Users can upload a file and rename the file with a malicious payload. This Metasploit module was tested against PlaySMS 1.4 on VulnHub's Dina 1.0 machine and Windows 7. # 0day.today @ http://0day.today/