The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.twcert.org.tw/tw/cp-132-7767-ce3b4-1.html |
History
No history.
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2024-04-29T02:28:24.526Z
Updated: 2024-08-01T20:33:53.076Z
Reserved: 2024-04-29T01:47:07.589Z
Link: CVE-2024-4297
Vulnrichment
Updated: 2024-08-01T20:33:53.076Z
NVD
Status : Awaiting Analysis
Published: 2024-04-29T03:15:09.613
Modified: 2024-04-29T12:42:03.667
Link: CVE-2024-4297
Redhat
No data.