Описание
The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 4.5 (включая) до 4.5-188 (исключая)Версия от 5.5 (включая) до 5.5-188 (исключая)
Одно из
cpe:2.3:a:hgiga:isherlock:*:*:*:*:*:*:*:*
cpe:2.3:a:hgiga:isherlock:*:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02199
Низкий
7.2 High
CVSS3
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 7.2
github
почти 2 года назад
The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.
EPSS
Процентиль: 84%
0.02199
Низкий
7.2 High
CVSS3
Дефекты
CWE-78