An issue exists in Ozeki NG SMS Gateway up to and including 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by malicious users to enable MySQL Load Data Local (rogue MySQL server) attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ozeki ozeki ng sms gateway |