CVE-2020-35851
CRITICAL WAF: High
CVSS 9.8
Published: 2020-12-31
CWE-78
HGiga MailSherlock does not properly validate specific parameters. Attackers can exploit the vulnerability to launch command injection attacks remotely and execute arbitrary system commands.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| hgiga | msr45_isherlock-user | up to 4.5-115 |
| hgiga | ssr45_isherlock-user | up to 4.5-115 |
References
- www.twcert.org.tw (Third Party Advisory)