exploitDog

CVE-2020-14029

Опубликовано: 18 сент. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files.

Ссылки

http://www.ozeki.hu/index.php?owpn=231
Vendor Advisory
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14029-XXE-Ozeki%20SMS%20Gateway
Exploit
Third Party Advisory
http://www.ozeki.hu/index.php?owpn=231
Vendor Advisory
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14029-XXE-Ozeki%20SMS%20Gateway
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ozeki:ozeki_ng_sms_gateway:*:*:*:*:*:*:*:*

Версия до 4.17.6 (включая)

EPSS

Процентиль: 62%

0.00433

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-j5rv-8887-pg3h

github

больше 3 лет назад

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files.

EPSS

Процентиль: 62%

0.00433

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-611