Ozeki Ng Sms Gateway Security Vulnerabilities and Issues — Ozeki Ng Sms Gateway CVE List

Lucene search

OzekiOzeki Ng Sms Gateway

4 matches found

CVE•added 2020/09/22 6:15 p.m.•83 views

CVE-2020-14022

Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (E.g. the "Application Starter" module) w...

9CVSS8.6AI score0.00794EPSS

CVE•added 2020/09/22 6:15 p.m.•40 views

CVE-2020-14026

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export.

9.3CVSS8.7AI score0.01031EPSS

CVE•added 2020/09/22 6:15 p.m.•39 views

CVE-2020-14031

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the sys...

9CVSS6.9AI score0.00751EPSS

CVE•added 2020/09/22 6:15 p.m.•30 views

CVE-2020-14028

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges.

9CVSS7AI score0.01091EPSS