CVE-2020-14025

2020-09-2217:41:28

mitre

www.cve.org

ozeki ng sms gateway

csrf

vulnerabilities

administrator

link

unwanted changes

modules

password

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

46.3%

JSON

Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password.

References

github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14025-Cross-Site%20Request%20Forgery-Ozeki%20SMS%20Gateway

www.ozeki.hu/index.php?owpn=231