HGiga MailSherlock - SQL Injection-2
Description
HGiga MailSherlock contains a SQL injection vulnerability. Remote attackers without privileges can inject SQL syntax through a URL parameter of the email pages and execute SQL commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Remote attackers can execute SQL commands via URL parameters in HGiga MailSherlock email pages without authentication.
Vulnerability
HGiga MailSherlock contains a SQL injection vulnerability in its email pages. Attackers can inject SQL syntax and execute SQL commands via a URL parameter. The affected products are MailSherlock MSR45/SSR45 Module: iSherlock-user-4.5 versions before 120 and iSherlock-antispam-4.5 versions before 133. [1]
Exploitation
An attacker does not require authentication to exploit this vulnerability. The attack vector is network-based, and the complexity is high (AC:H). By crafting a malicious URL parameter, the attacker can inject arbitrary SQL statements. [1]
Impact
Successful exploitation allows an attacker to execute unauthorized SQL commands, leading to potential information disclosure, data modification, or other unauthorized actions. The CVSS score is 7.0 (High) with confidentiality impact High, integrity Low, and availability Low. [1]
Mitigation
HGiga released fixed versions: iSherlock-user-4.5-120.i386.rpm and iSherlock-antispam-4.5-133.i386.rpm. Users should update to the latest versions to remediate the vulnerability. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- HGiga/MailSherlock MSR45/SSR45 v5 Range: iSherlock-user-4.5
References
[1] www.twcert.org.tw/tw/cp-132-4521-a4fd8-1.html (mitre, x_refsource_MISC)