Vulnerabilities > CVE-2020-14026 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Ozeki NG SMS Gateway

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
ozeki
CWE-1236
critical

Summary

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export.

Vulnerable Configurations

Part Description Count
Application
Ozeki
372