CVE-2021-22848
- EPSS 0.44%
- Veröffentlicht 18.03.2021 05:15:13
- Zuletzt bearbeitet 21.11.2024 05:50:45
HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege.
- EPSS 0.26%
- Veröffentlicht 31.12.2020 08:15:13
- Zuletzt bearbeitet 21.11.2024 05:18:53
HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism.
CVE-2020-25850
- EPSS 0.36%
- Veröffentlicht 31.12.2020 08:15:13
- Zuletzt bearbeitet 21.11.2024 05:18:54
The function, view the source code, of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files.
CVE-2020-35740
- EPSS 0.29%
- Veröffentlicht 31.12.2020 08:15:13
- Zuletzt bearbeitet 21.11.2024 05:27:59
HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks.
CVE-2020-35741
- EPSS 0.29%
- Veröffentlicht 31.12.2020 08:15:13
- Zuletzt bearbeitet 21.11.2024 05:27:59
HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks.
CVE-2020-35742
- EPSS 0.26%
- Veröffentlicht 31.12.2020 08:15:13
- Zuletzt bearbeitet 21.11.2024 05:27:59
HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter.
CVE-2020-35743
- EPSS 0.26%
- Veröffentlicht 31.12.2020 08:15:13
- Zuletzt bearbeitet 21.11.2024 05:27:59
HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages.
- EPSS 0.77%
- Veröffentlicht 31.12.2020 08:15:13
- Zuletzt bearbeitet 21.11.2024 05:28:18
HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system.