CVE-2023-7327
published 2025-11-12

Priority: P2 66 | high 8.7 (CVSS 4.0)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.96% (77.8th percentile)
Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability. Successful exploitation allows an unauthenticated attacker to use URL-encoded traversal sequences to read arbitrary files from the underlying filesystem with the privileges of the gateway service, leading to disclosure of sensitive information.

Affected

1 range

Vendor | Product | Version range | Fixed in
ozeki_ltd | ozeki_sms_gateway | <= 10.3.208 |

Detection & IOCs

url: /..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fwindows/win.ini
url: https://ozeki-sms-gateway.com/attachments/702/installwindows_1689352737_OzekiSMSGateway_10.3.208.zip
  • Detect path traversal attempts using double URL-encoded sequences (%252f) targeting Ozeki SMS Gateway; look for GET requests containing '..%252f' repeated sequences in the URL path.
  • Successful exploitation returns HTTP 200 with Content-Type 'application/octet-stream' and body containing both 'Mail' and 'files' strings (win.ini content indicators).
  • The vulnerability is unauthenticated — no session or credentials are required to trigger the file read; monitor for traversal patterns on Ozeki SMS Gateway endpoints without authentication headers.
  • Vulnerability affects Ozeki SMS Gateway versions up to and including 10.3.208 only; later versions may not be affected.
  • The proof-of-concept targets a Windows host (reads windows/win.ini); detection signatures relying on win.ini body content will not fire against Linux deployments, so adjust the target file accordingly.
  • The traversal uses double URL-encoding (%252f for /); WAFs or proxies that only decode a single layer will not normalise the path and may miss or incorrectly block the request.
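
The detection guidance above, turned into a log check: this is an added example, not code from the vendor or from this page's sources. It decodes each request path repeatedly until a `..` segment appears, so it reports how many encoding layers hid the traversal instead of matching the literal `%252f` string only. The log format, the sample lines, `MAX_LAYERS` and the function names are assumptions made for the example.

```python
import re
from urllib.parse import unquote

MAX_LAYERS = 5  # assumption: deepest nesting of percent-encoding worth unwinding
# A ".." path segment delimited by / or \ (or by the start/end of the path).
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")
# Constructed log format for this example: client "METHOD target PROTO" status
LOG_LINE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*" (\d{3})$')

# Constructed sample input (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 "GET /index.html HTTP/1.1" 200',
    '192.0.2.11 "GET /files/report%20v1..2.pdf HTTP/1.1" 200',
    '198.51.100.7 "GET /..%2f..%2fwindows/win.ini HTTP/1.1" 404',
    '198.51.100.7 "GET /..%252f..%252f..%252fwindows/win.ini HTTP/1.1" 200',
]

def traversal_depth(target):
    """Decode passes needed to expose a '..' segment (0 = literal), else None."""
    path = target.split("?", 1)[0]  # the page's indicator is in the URL path
    for layer in range(MAX_LAYERS + 1):
        if TRAVERSAL.search(path):
            return layer
        decoded = unquote(path)
        if decoded == path:  # fully decoded, nothing found
            return None
        path = decoded
    return None

def scan(lines):
    """Return one finding per request whose path hides or contains traversal."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, method, target, status = m.groups()
        depth = traversal_depth(target)
        if depth is None:
            continue
        findings.append({
            "client": client, "method": method, "target": target, "depth": depth,
            # depth >= 2 survives a proxy that decodes only one layer
            "evades_single_decode": depth >= 2,
            # 200 alone is not proof of a read; the page also checks type and body
            "status_200": status == "200",
        })
    return findings
```

A finding with `evades_single_decode` and `status_200` both true is the one to triage first; confirm it against the response Content-Type and body indicators listed above.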