Mailsherlock
Approved changes feed: RSS · Atom
cpe:2.3:a:hgiga:mailsherlock:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Hgiga (3395f64f-c7c9-5c57-a478-cf9fa807fa6c) |
|---|---|
| Product | Mailsherlock (7d17cf00-528d-5cf2-80c5-1d3f46e245f7) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-24842 |
vulnerable | 2026-06-03 14:49:30.482248 |
HGiga MailSherlock - Broken Access Control
MEDIUM (5.3)
HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing user ID and mail ID within URL.
Published: 2023-03-27T00:00:00.000Z
Updated: 2025-02-19T15:54:06.404Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-24841 |
vulnerable | 2026-06-03 14:49:30.481893 |
HGiga MailSherlock - Command Injection
HIGH (7.2)
HGiga MailSherlock query function for connection log has a vulnerability of insufficient filtering for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operation or disrupt service.
Published: 2023-03-27T00:00:00.000Z
Updated: 2025-02-19T15:55:17.853Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-24840 |
vulnerable | 2026-06-03 14:49:30.481580 |
HGiga MailSherlock - SQL Injection
HIGH (7.2)
HGiga MailSherlock mail query function has vulnerability of insufficient validation for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database.
Published: 2023-03-27T00:00:00.000Z
Updated: 2025-02-19T15:56:20.875Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-24839 |
vulnerable | 2026-06-03 14:49:30.480615 |
HGiga MailSherlock - Reflected XSS
MEDIUM (6.1)
HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack.
Published: 2023-03-27T00:00:00.000Z
Updated: 2025-02-19T16:07:44.653Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.