HGiga iSherlock 4.5 vulnerabilities
9 known vulnerabilities affecting hgiga/isherlock_4.5.
Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 2, MEDIUM 2
Vulnerabilities
CVE-2025-11900 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | fixed in 774 | fixed in 440 | 2025-10-17
The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
nvd
CVE-2025-3361 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | fixed in 236 | 2025-04-08
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
nvd
CVE-2025-3363 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | fixed in 236 | 2025-04-08
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
nvd
CVE-2025-3362 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | fixed in 236 | 2025-04-08
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
nvd
CVE-2023-37292 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | ≥ , < iSherlock-user-4.5-174 | 2023-07-21
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules) and HGiga iSherlock 5.5 (iSherlock-user modules) allows OS Command Injection. This issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock 5.5: before iSherlock-user-5.5-174.
nvd
CVE-2024-4299 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≥ earlier, < 147 | 2024-04-29
The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.
nvd
CVE-2024-4298 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≥ earlier, < 188 | 2024-04-29
The email search interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.
nvd
CVE-2024-4297 | P4 | MEDIUM | CVSS 4.9 | CWE-22 | ≥ earlier, < 147 | 2024-04-29
The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files.
nvd
CVE-2024-4296 | P4 | MEDIUM | CVSS 4.9 | CWE-22 | ≥ earlier, < 149 | 2024-04-29
The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files.
nvd