CVE-2023-37292
CRITICALHGiga iSherlock 4.5-5.5 - OS Command Injection in iSherlock-user Modules
Title source: llmDescription
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules), HGiga iSherlock 5.5 (iSherlock-user modules) allows OS Command Injection.This issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock 5.5: before iSherlock-user-5.5-174.
References (1)
Core 1
Core References
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7239-8fc29-1.html
Scores
CVSS v3
9.8
EPSS
0.0113
EPSS Percentile
62.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (1)
hgiga/isherlock
4.5 - 4.5-174
Published
Jul 21, 2023
Tracked Since
Feb 18, 2026