CVE-2023-7327

Vulnerability Description

Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability. Successful exploitation allows an unauthenticated attacker to use URL-encoded traversal sequences to read arbitrary files from the underlying filesystem with the privileges of the gateway service, leading to disclosure of sensitive information.

Related Weaknesses (CWE)

CWE-22

References

https://ozeki-sms-gateway.com/
https://www.exploit-db.com/exploits/51646
https://www.vulncheck.com/advisories/ozeki-sms-gateway-unauthenticated-arbitrary

FAQ

What is CVE-2023-7327?

CVE-2023-7327 is a documented vulnerability. Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability. Successful exploitation allows an unauthenticated attacker to use URL-encoded traversal sequences to rea...

How severe is CVE-2023-7327?

CVSS scoring is not yet available for CVE-2023-7327. Check NVD for updates.

Is there a patch for CVE-2023-7327?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.