CVE-2023-24840

HGiga MailSherlock mail query function has vulnerability of insufficient validation for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
twcertCNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
hgigaoaklouds_mailsherlock
4.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.twcert.org.tw/tw/cp-132-6959-cdecb-1.html
https://www.twcert.org.tw/tw/cp-132-6959-cdecb-1.html