Ozeki Ozeki Ng Sms Gateway — known CVE vulnerabilities
Every CVE whose affected-product data names Ozeki Ozeki Ng Sms Gateway, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2020-14025 — CVSS 8.8 (high): Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked…
CVE-2020-14022 — CVSS 8.8 (high): Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality)…
CVE-2020-14026 — CVSS 8.8 (high): CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through…
CVE-2020-14029 — CVSS 7.5 (high): An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens…
CVE-2020-14031 — CVSS 7.2 (high): An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete…
CVE-2020-14028 — CVSS 7.2 (high): An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's…
CVE-2020-14030 — CVSS 7.2 (high): An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By…
CVE-2020-14024 — CVSS 6.1 (medium): Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or…
CVE-2020-14027 — CVSS 5.3 (medium): An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as…
CVE-2020-14021 — CVSS 4.9 (medium): An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of…