An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.
References
Link | Resource |
---|---|
https://github.com/osvaldotenorio/CVE-2024-34470 |
Configurations
No configuration.
History
03 Jul 2024, 02:00
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.6 |
Summary |
|
|
CWE | CWE-29 |
06 May 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-06 15:15
Updated : 2024-07-03 02:00
NVD link : CVE-2024-34470
Mitre link : CVE-2024-34470
CVE.ORG link : CVE-2024-34470
JSON object : View
Products Affected
No product.
CWE
CWE-29
Path Traversal: '\..\filename'