HGiga MailSherlock - Command Injection
CVE-2023-24841

7.2HIGH

Key Information:

Vendor: Hgiga
Status: Mailsherlock
Vendor: CVE Published:; 27 March 2023

What is CVE-2023-24841?

HGiga MailSherlock contains a vulnerability in its query function used for connection logs, which lacks sufficient filtering of user input. This weakness can be exploited by an authenticated attacker possessing administrator permissions to inject arbitrary commands. The exploit allows for potential disruption of services or unauthorized execution of system operations, leading to significant security concerns for affected systems.

Affected Version(s)

MailSherlock iSherlock-sysinfo-4.5

References

https://www.twcert.org.tw/tw/cp-132-6960-fc2fe-1.html

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2023
Vulnerability Reserved
Jan 31, 2023

CVE-2023-24841 Data

JSON

Hgiga

What is CVE-2023-24841?

Affected Version(s)

References

CVSS V3.1

Timeline