CVE-2021-22848

Summary

HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege.

Affected Software

VendorProductVersion RangeStatus
HGigaMailSherlock MSR45/SSR45iSherlock-user-4.5 < 120affected
HGigaMailSherlock MSR45/SSR45iSherlock-antispam-4.5 < 133affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References