CVE-2020-35743 : Security Advisory and Response
Learn about CVE-2020-35743, a SQL injection vulnerability in HGiga MailSherlock, allowing attackers to execute SQL commands. Find mitigation steps and update information here.
HGiga MailSherlock contains a SQL injection flaw that allows attackers to inject and execute SQL commands through specific CGI pages.
Understanding CVE-2020-35743
This CVE involves a SQL injection vulnerability in HGiga MailSherlock, impacting specific versions of the product.
What is CVE-2020-35743?
HGiga MailSherlock is susceptible to a SQL injection flaw, enabling malicious actors to execute SQL commands via a URL parameter in certain CGI pages.
The Impact of CVE-2020-35743
The vulnerability has a CVSS v3.1 base score of 7, indicating a high severity issue with a significant impact on confidentiality.
Technical Details of CVE-2020-35743
This section provides detailed technical information about the CVE.
Vulnerability Description
The SQL injection flaw in HGiga MailSherlock allows attackers to manipulate SQL queries through URL parameters, posing a significant security risk.
Affected Systems and Versions
- Product: MailSherlock MSR45/SSR45
- Affected Versions:
- iSherlock-user-4.5: < 120
- iSherlock-antispam-4.5: < 133
Exploitation Mechanism
- Attack Complexity: High
- Attack Vector: Network
- Confidentiality Impact: High
- Integrity Impact: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Availability Impact: Low
Mitigation and Prevention
Protect your systems from the CVE-2020-35743 vulnerability with the following measures.
Immediate Steps to Take
- Update MailSherlock MSR45/SSR45 Module to:
- iSherlock-user-4.5-120.i386.rpm
- iSherlock-antispam-4.5-133.i386.rpm
Long-Term Security Practices
- Regularly monitor and audit web applications for vulnerabilities
- Implement input validation and parameterized queries to prevent SQL injection attacks
Patching and Updates
- Apply security patches and updates promptly to address known vulnerabilities