PT-2020-13846 · Ozeki · Ozeki NG SMS Gateway

Drunkenshells · Published 2020-09-22 · Updated 2020-09-26 · CVE-2020-14022

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Ozeki NG SMS Gateway versions 4.17.1 through 4.17.6

Description

The issue concerns the "Import Contacts" functionality, which does not check the file type when bulk importing new contacts from a file. This allows an attacker to upload an executable or .bat file, which can then be executed using certain functionalities within the application, such as the "Application Starter" module.

Recommendations

For Ozeki NG SMS Gateway versions 4.17.1 through 4.17.6, consider disabling the "Import Contacts" functionality until a patch is available to prevent the upload of malicious files. Additionally, restrict access to the "Application Starter" module to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2020-14022

Affected Products

Ozeki NG SMS Gateway