CVE-2020-35742
HIGH WAF: High
CVSS 7.6
Published: 2020-12-31
CWE-89 CWE-89
HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter.
WAF Coverage Analysis
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| hgiga | msr45_isherlock-antispam | up to 4.5-133 |
| hgiga | msr45_isherlock-user | up to 4.5-120 |
| hgiga | ssr45_isherlock-antispam | up to 4.5-133 |
| hgiga | ssr45_isherlock-user | up to 4.5-120 |
References
- www.twcert.org.tw (Third Party Advisory)