go to Content

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center



HGiga C&Cmail - SQL Injection

TVN ID TVN-202002003
CVE ID CVE-2020-10512
CVSS 8.8 (High)
Affected Products HGiga C&Cmail CCMAILQ versions prior to olln-calendar-6.0-100.i386.rpm and HGiga C&Cmail CCMAILN versions prior to olln-calendar-5.0-100.i386.rpm
Description HGiga C&Cmail contains a SQL Injection vulnerability which allows attackers to injecting SQL commands in the URL parameter to execute unauthorized commands.
Solution Contact HGiga Inc. for updated version.
Credit Tony Kuo (CHT Security)
Public Date 2020-04-15