CVE-2017-9101
a vulnerability classified as critical has been found in playsms 1.4. This affects an unknown functionality of the file import.php of the component Phonebook Import. The manipulation of the argument User-Agent as part of a HTTP Header leads to a unrestricted upload vulnerability. CWE is classifying the issue as CWE-434. The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product’s environment. This is going to have an impact on confidentiality, integrity, and availability.
exploit
Exploit found online