GCVE - cpe:2.3:a:hgiga:msr45_isherlock-user:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:hgiga:msr45_isherlock-user:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Hgiga (`3395f64f-c7c9-5c57-a478-cf9fa807fa6c`)
Product	Msr45 Isherlock User (`6d58c731-eec4-56c3-b773-9d079b375d5e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-22848`	vulnerable	2026-06-03 14:43:54.042189	HGiga MailSherlock - SQL Injection-2 HIGH (7) HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege. Published: 2021-03-18T04:35:21.791Z Updated: 2024-09-16T20:57:24.152Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-4521-a4fd8-1.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-35851`	vulnerable	2026-06-03 14:42:32.764872	HGiga MailSherlock - Command Injection HIGH (8.1) HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system. Published: 2020-12-31T07:45:52.468Z Updated: 2024-09-17T04:25:22.980Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/en/cp-139-4264-f10f4-2.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-35743`	vulnerable	2026-06-03 14:42:32.278338	HGiga MailSherlock - SQL Injection -3 HIGH (7) HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages. Published: 2020-12-31T07:45:51.808Z Updated: 2024-09-17T02:37:09.672Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-4262-03785-1.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-35742`	vulnerable	2026-06-03 14:42:32.277909	HGiga MailSherlock - SQL Injection -1 HIGH (7) HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter. Published: 2020-12-31T07:45:51.201Z Updated: 2024-09-16T18:03:00.267Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-4261-d5379-1.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-35741`	vulnerable	2026-06-03 14:42:32.277475	HGiga MailSherlock - XSS -2 HIGH (7) HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks. Published: 2020-12-31T07:45:50.593Z Updated: 2024-09-16T22:55:57.902Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-4260-ba376-1.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-35740`	vulnerable	2026-06-03 14:42:32.275866	HGiga MailSherlock - XSS -1 HIGH (7) HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks. Published: 2020-12-31T07:45:49.988Z Updated: 2024-09-16T23:36:40.227Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-4259-90f23-1.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-25850`	vulnerable	2026-06-03 14:42:15.527076	HGiga MailSherlock - Arbitrary File Download HIGH (8.1) The function, view the source code, of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files. Published: 2020-12-31T07:45:49.379Z Updated: 2024-09-16T20:36:52.413Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-4258-0a8a0-1.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-25848`	vulnerable	2026-06-03 14:42:15.515817	HGiga MailSherlock - Broken Authentication CRITICAL (9.8) HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism. Published: 2020-12-31T07:45:48.728Z Updated: 2024-09-17T00:11:14.724Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-4256-cfc5a-1.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-9883`	vulnerable	2026-06-03 14:40:49.962543	Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account. Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn= without any authorizes. Published: 2019-06-03T18:03:21.000Z Updated: 2024-08-04T22:01:54.986Z Open on db.gcve.eu Reference links https://tvn.twcert.org.tw/taiwanvn/TVN-201904003 http://surl.twcert.org.tw/mChNi	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-9882`	vulnerable	2026-06-03 14:40:49.960985	Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist. Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/save_list.php?ACSION=&type=email&category=white&locate=big5&cmd=add&new=hacker@socialengineering.com&new_memo=&add=%E6%96%B0%E5%A2%9E without any authorizes. Published: 2019-06-03T18:03:21.000Z Updated: 2024-08-04T22:01:54.950Z Open on db.gcve.eu Reference links https://tvn.twcert.org.tw/taiwanvn/TVN-201904002 http://surl.twcert.org.tw/MtWeJ	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.