# Security Policy

## Supported Versions

| Version | Supported          |
| ------- | ------------------ |
| 1.4.7   | :white_check_mark: |
| 1.4.6   | :white_check_mark: |
| 1.4.5   | :white_check_mark: |
| 1.4.3   | :white_check_mark: |

## Contributors and Reporters

- Matteo Sebasta for [CVE-2022-47034 Authentication Bypass due to a PHP Type Juggling vulnerability](https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2022-47034)
- Maik Ro for [CVE-2021-40373 Arbitrary Code Execution](https://github.com/maikroservice/CVE-2021-40373)
- Preetham Bomma (cyber01) and Farid Luhar (ghost_fh) for [#605 Session Fixation](https://github.com/playsms/playsms/issues/605)
- Lucas Rosevear of NCC Group for [CVE-2020-8644 Pre-authentication Remote Code Execution](https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/)
- TMHC TEAM for [CVE-2018-18387 Privilege Escalation](https://github.com/TheeBlind/CVE-2018-18387)
- Touhid M.Shaikh for [CVE-2017-9101 Remote Code Execution using Phonebook import.php](https://www.cvedetails.com/cve/CVE-2017-9101/)

## Reporting a Vulnerability

Please email me at araharja@pm.me for any security information regarding playSMS.

I will add old and new security contributors and reporters in this file.

It might be slow update, but it will be done.

Thank you.