The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.twcert.org.tw/tw/cp-132-7765-49906-1.html |
History
No history.
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2024-04-29T02:08:23.300Z
Updated: 2024-08-06T20:03:13.097Z
Reserved: 2024-04-29T01:47:05.422Z
Link: CVE-2024-4296
Vulnrichment
Updated: 2024-08-01T20:33:53.173Z
NVD
Status : Awaiting Analysis
Published: 2024-04-29T02:15:06.153
Modified: 2024-04-29T12:42:03.667
Link: CVE-2024-4296
Redhat
No data.