PT-2020-13851 · Ozeki · Ozeki Ng Sms Gateway

Published: 2020-09-22 · Updated: 2020-09-26 · CVE-2020-14027

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Ozeki NG SMS Gateway versions prior to 4.17.7

Description

An issue was discovered where the database connection strings in Ozeki NG SMS Gateway accept custom unsafe arguments, such as ENABLE LOCAL INFILE, which can be used by attackers to enable MySQL Load Data Local attacks, potentially allowing a rogue MySQL server to be used.

Recommendations

For Ozeki NG SMS Gateway versions prior to 4.17.7, update to version 4.17.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of custom database connection string arguments to prevent exploitation.
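
One way to apply the workaround above, as an added example that is not Ozeki's code: an allowlist check that rejects any connection-string argument other than the ones needed to reach the intended database. The ODBC-style `Key=Value;` syntax, the allowed key set and the function names are assumptions, and the sample strings in the test are constructed.

```python
import re

# Assumed allowlist: only the keys needed to reach the intended database.
ALLOWED_KEYS = {"driver", "server", "port", "database", "uid", "pwd"}

def _norm(key):
    """Fold case and drop spaces/underscores so 'ENABLE LOCAL INFILE',
    'Enable_Local_Infile' and 'enablelocalinfile' compare equal."""
    return re.sub(r"[\s_]+", "", key).lower()

def parse_connection_string(conn):
    """Split 'Key=Value;Key={braced;value}' into (key, value) pairs.
    A braced value may contain ';' or '=' without starting a new argument."""
    pairs, i, n = [], 0, len(conn)
    while i < n:
        if conn[i] in "; \t":          # skip separators between arguments
            i += 1
            continue
        eq = conn.find("=", i)
        if eq == -1:
            raise ValueError("argument without '=' at offset %d" % i)
        key = conn[i:eq].strip()
        if not key or ";" in key:      # e.g. 'junk;Server=...' or '=value'
            raise ValueError("malformed argument name %r" % key)
        i = eq + 1
        if i < n and conn[i] == "{":   # braced value runs to the next '}'
            end = conn.find("}", i)
            if end == -1:
                raise ValueError("unterminated '{' in value of %r" % key)
            value, i = conn[i + 1:end], end + 1
        else:                          # plain value runs to the next ';'
            end = conn.find(";", i)
            end = n if end == -1 else end
            value, i = conn[i:end].strip(), end
        pairs.append((key, value))
    return pairs

def rejected_arguments(conn):
    """Return argument names that must not be passed on to the driver:
    anything outside the allowlist, and any repeated key (later copies
    could override the vetted value)."""
    seen, bad = set(), []
    for key, _ in parse_connection_string(conn):
        k = _norm(key)
        if k not in ALLOWED_KEYS or k in seen:
            bad.append(key)
        seen.add(k)
    return bad
```

A connection string is accepted only when `rejected_arguments` returns an empty list and no `ValueError` is raised; malformed input is refused rather than repaired.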

Exploit

Fix

Argument Injection


Weakness Enumeration

Related Identifiers

CVE-2020-14027

Affected Products

Ozeki Ng Sms Gateway