An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.
References
Link | Resource |
---|---|
https://github.com/osvaldotenorio/CVE-2024-34470 | Exploit Third Party Advisory |
https://github.com/osvaldotenorio/CVE-2024-34470 | Exploit Third Party Advisory |
Configurations
History
17 Jun 2025, 16:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/osvaldotenorio/CVE-2024-34470 - Exploit, Third Party Advisory | |
First Time |
Hsclabs
Hsclabs mailinspector |
|
CPE | cpe:2.3:a:hsclabs:mailinspector:*:*:*:*:*:*:*:* |
21 Nov 2024, 09:18
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/osvaldotenorio/CVE-2024-34470 - |
03 Jul 2024, 02:00
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.6 |
CWE | CWE-29 |
06 May 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-06 15:15
Updated : 2025-06-17 16:23
NVD link : CVE-2024-34470
Mitre link : CVE-2024-34470
CVE.ORG link : CVE-2024-34470
JSON object : View
Products Affected
hsclabs
- mailinspector
CWE
CWE-29
Path Traversal: '\..\filename'