First published: Mon Mar 27 2023
The HGiga MailSherlock query function for the connection log insufficiently filters user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject and execute arbitrary system commands, allowing them to perform arbitrary system operations or disrupt service.
Credit: twcert@cert.org.tw
Affected Software | Affected Version | How to fix |
---|---|---|
HGiga OAKlouds | =4.5 |
Update MailSherlock package version to iSherlock-sysinfo-4.5-133.386
CVE-2023-24841 is a vulnerability in the HGiga MailSherlock query function for connection log, which has insufficient filtering for user input.
CVE-2023-24841 affects HGiga MailSherlock version 4.5, allowing an authenticated remote attacker with administrator privilege to inject and execute arbitrary system commands.
CVE-2023-24841 has a severity rating of 7.2 (high).
An authenticated remote attacker with administrator privilege can exploit CVE-2023-24841 by injecting and executing arbitrary system commands.
At the moment, there is no known fix for CVE-2023-24841. It is recommended to follow the recommendations provided by the vendor or security advisories.