CVE-2023-24840: HGiga MailSherlock - SQL Injection
First published: Mon Mar 27 2023(Updated: )
HGiga MailSherlock mail query function has vulnerability of insufficient validation for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database.
Credit: twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HGiga OAKlouds | =4.5 |
Remedy
Update MailSherlock package version to iSherlock-query-4.5-168.386
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for HGiga MailSherlock?
The vulnerability ID for HGiga MailSherlock is CVE-2023-24840.
What is the severity rating for CVE-2023-24840?
The severity rating for CVE-2023-24840 is high (7.2).
What is the affected software for CVE-2023-24840?
The affected software for CVE-2023-24840 is Hgiga Oaklouds Mailsherlock version 4.5.
What is the CWE category for CVE-2023-24840?
The CWE category for CVE-2023-24840 is CWE-89 (SQL Injection).
How can an attacker exploit CVE-2023-24840?
An authenticated remote attacker with administrator privilege can exploit CVE-2023-24840 to inject SQL commands and perform unauthorized actions on the database.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/title
- agent/weakness
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hgiga
- canonical/hgiga oaklouds
- version/hgiga oaklouds/4.5