PT-2020-13853 · Ozeki · Ozeki Ng Sms Gateway

Mal · Published 2020-09-18 · Updated 2020-09-26 · CVE-2020-14029

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Ozeki NG SMS Gateway versions prior to 4.17.7

Description

The issue is related to the RSS To SMS module processing XML files in an unsafe manner, making the application susceptible to an XML External Entity attack. This can be exploited to perform Server-Side Request Forgery (SSRF) or read arbitrary local files.

Recommendations

For Ozeki NG SMS Gateway versions prior to 4.17.7, update to version 4.17.7 or later to resolve the issue. As a temporary workaround, consider disabling the RSS To SMS module until a patch is available. Restrict access to the module to minimize the risk of exploitation.
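
Added example, not part of the original advisory and not Ozeki's code: a Python sketch of the defensive pattern for any component that ingests RSS from untrusted URLs, which is to refuse documents that declare a DTD or entities before any entity can be resolved. The function name, the error class and both sample feeds are constructed for illustration, and the policy assumes the feeds you consume never need a DOCTYPE.

```python
import xml.parsers.expat


class UnsafeFeedError(ValueError):
    """Raised when a feed carries a DTD or entity declaration."""


def rss_titles(feed_bytes):
    """Return the <item><title> texts of an RSS feed, rejecting any DTD."""
    parser = xml.parsers.expat.ParserCreate()
    titles, path, buf = [], [], []

    def reject(*_args):
        # Fires on <!DOCTYPE ...>, <!ENTITY ...> or an external entity reference.
        raise UnsafeFeedError("DTD/entity declarations are not allowed in RSS input")

    def start(name, _attrs):
        path.append(name)
        if path[-2:] == ["item", "title"]:
            buf.clear()

    def text(data):
        if path[-2:] == ["item", "title"]:
            buf.append(data)

    def end(_name):
        if path[-2:] == ["item", "title"]:
            titles.append("".join(buf).strip())
        path.pop()

    parser.StartDoctypeDeclHandler = reject
    parser.EntityDeclHandler = reject
    parser.ExternalEntityRefHandler = reject
    parser.StartElementHandler = start
    parser.CharacterDataHandler = text
    parser.EndElementHandler = end
    parser.Parse(feed_bytes, True)  # handler exceptions propagate to the caller
    return titles


# Constructed sample inputs (not taken from the advisory).
BENIGN_FEED = (b'<?xml version="1.0"?><rss version="2.0"><channel>'
               b'<title>Constructed</title>'
               b'<item><title>Line maintenance at 02:00</title></item>'
               b'<item><title>Service restored</title></item></channel></rss>')
DTD_FEED = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE rss [<!ENTITY ext SYSTEM "file:///constructed/placeholder">]>'
            b'<rss version="2.0"><channel><item><title>&ext;</title></item></channel></rss>')
```

A rejected feed should be logged with its source URL, since a DOCTYPE in an RSS document fetched by a gateway is a useful detection signal in its own right.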

Exploit

Fix

XXE


Weakness Enumeration

Related Identifiers

CVE-2020-14029

Affected Products

Ozeki Ng Sms Gateway