Code injection

2020-09-2218:15:00

PRIOn knowledge base

www.prio-n.com

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.5%

JSON

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local (rogue MySQL server) attacks.

CPENameOperatorVersion
ozeki_ng_sms_gatewayle4.17.6

CPE	Name	Operator	Version
	ozeki_ng_sms_gateway	le	4.17.6

References

www.ozeki.hu/index.php?owpn=231

github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14027-MySQL%20LOAD%20DATA%20LOCAL%20INFILE%20Attack-Ozeki%20SMS%20Gateway