CVE-2009-0103

Name: CVE-2009-0103
Creator: NVD / NIST
Published: 2009-01-09T18:30:03.047+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 10.05%

Last modified Jun 16, 2026

CVE-2009-0103 is a vulnerability of currently unknown severity. Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, and the (3) apps_path[libs] parameter to lib/function.php.. EPSS estimates a 10.05% chance of exploitation in the next 30 days.

Description

Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, and the (3) apps_path[libs] parameter to lib/function.php.

Metrics

EPSS Probability

10.05%

95.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-94

Affected Software

Vendor	Product	Versions
Playsms	Playsms	0.9.3

References

Timeline

Published: Jan 9, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-0103?

How severe is CVE-2009-0103?

Severity scoring for CVE-2009-0103 is pending analysis. The EPSS model estimates a 10.05% probability of exploitation in the next 30 days.

How do I fix CVE-2009-0103?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-0103?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST