An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files.
References
Link | Resource |
---|---|
http://www.ozeki.hu/index.php?owpn=231 | Vendor Advisory |
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14029-XXE-Ozeki%20SMS%20Gateway | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-09-18T17:14:04
Updated: 2020-09-18T17:14:04
Reserved: 2020-06-11T00:00:00
Link: CVE-2020-14029
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-09-18T18:15:16.287
Modified: 2020-09-26T02:29:46.877
Link: CVE-2020-14029
JSON object: View
Redhat Information
No data.
CWE