Primary

Context

HGiga iSherlock OS Command Injection Vulnerability

Vulnerability

Patched

A command injection vulnerability has been identified in HGiga's iSherlock application, specifically in versions 4.5 and 5.5, including the MailSherlock, SpamSherlock, and AuditSherlock components. This vulnerability allows unauthenticated local attackers to inject and execute arbitrary operating system commands on the server.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of operating system commands on the server, potentially allowing attackers to manipulate the system or access sensitive information.

Remediation

Users can update the iSherlock application to version 476 or later for the base and audit packages in both the 4.5 and 5.5 versions.

Added: Apr 16, 2026, 3:22 AM

Updated: Apr 16, 2026, 3:22 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.7

remediation

7.7

relevance

6.0

threat

0.1

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.7

remediation

7.7

relevance

6.0

threat

0.1

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HGiga iSherlock OS Command Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

HGiga iSherlock-base

HGiga iSherlock-audit

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating