HGiga MailSherlock - Command Injection
CVE-2023-24841

7.2HIGH

Key Information:

Vendor: Hgiga
Status: Mailsherlock
Vendor: CVE Published:; 27 March 2023

What is CVE-2023-24841?

HGiga MailSherlock contains a vulnerability in its query function used for connection logs, which lacks sufficient filtering of user input. This weakness can be exploited by an authenticated attacker possessing administrator permissions to inject arbitrary commands. The exploit allows for potential disruption of services or unauthorized execution of system operations, leading to significant security concerns for affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MailSherlock iSherlock-sysinfo-4.5

References

https://www.twcert.org.tw/tw/cp-132-6960-fc2fe-1.html

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 27, 2023
Vulnerability Reserved
Jan 31, 2023

JSON

Hgiga

What is CVE-2023-24841?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.