
HGiga iSherlock 4.5 vulnerabilities

9 known vulnerabilities affecting hgiga/isherlock_4.5.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 2, MEDIUM 2

Vulnerabilities

CVE-2025-11900 | P2 | CRITICAL | CVSS 9.8 | fixed in 774 | fixed in 440 | 2025-10-17
CVE-2025-11900 [CRITICAL] CWE-78: The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
nvd
CVE-2025-3361 | P2 | CRITICAL | CVSS 9.8 | fixed in 236 | 2025-04-08
CVE-2025-3361 [CRITICAL] CWE-78: The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
nvd
CVE-2025-3363 | P2 | CRITICAL | CVSS 9.8 | fixed in 236 | 2025-04-08
CVE-2025-3363 [CRITICAL] CWE-78: The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
nvd
CVE-2025-3362 | P2 | CRITICAL | CVSS 9.8 | fixed in 236 | 2025-04-08
CVE-2025-3362 [CRITICAL] CWE-78: The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
nvd
CVE-2023-37292 | P2 | CRITICAL | CVSS 9.8 | ≥ , < iSherlock-user-4.5-174 | 2023-07-21
CVE-2023-37292 [CRITICAL] CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules), HGiga iSherlock 5.5 (iSherlock-user modules) allows OS Command Injection. This issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock 5.5: before iSherlock-user-5.5-174.
nvd
CVE-2024-4299 | P3 | HIGH | CVSS 7.2 | ≥ earlier, < 147 | 2024-04-29
CVE-2024-4299 [HIGH] CWE-78: The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.
nvd
CVE-2024-4298 | P3 | HIGH | CVSS 7.2 | ≥ earlier, < 188 | 2024-04-29
CVE-2024-4298 [HIGH] CWE-78: The email search interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.
nvd
CVE-2024-4297 | P4 | MEDIUM | CVSS 4.9 | ≥ earlier, < 147 | 2024-04-29
CVE-2024-4297 [MEDIUM] CWE-22: The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files.
nvd
CVE-2024-4296 | P4 | MEDIUM | CVSS 4.9 | ≥ earlier, < 149 | 2024-04-29
CVE-2024-4296 [MEDIUM] CWE-22: The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files.
nvd