CVE-2024-34471

{"id": "CVE-2024-34471", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2024-05-06T16:15:14.137", "references": [{"url": "https://github.com/osvaldotenorio/CVE-2024-34471", "source": "cve@mitre.org"}, {"url": "https://github.com/osvaldotenorio/CVE-2024-34471", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete arbitrary files on the server. This was observed when the mliRealtimeEmails.php file itself was read and subsequently deleted, resulting in a 404 error for the file and disruption of email information loading."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en HSC Mailinspector 5.2.17-3. Existe una vulnerabilidad de Path Traversal (que provoca la eliminaci\u00f3n de archivos) en el archivo mliRealtimeEmails.php. El par\u00e1metro de nombre de archivo en la funcionalidad de exportaci\u00f3n HTML no valida correctamente la ubicaci\u00f3n del archivo, lo que permite a un atacante leer y eliminar archivos arbitrarios en el servidor. Esto se observ\u00f3 cuando el archivo mliRealtimeEmails.php fue le\u00eddo y posteriormente eliminado, lo que result\u00f3 en un error 404 para el archivo y la interrupci\u00f3n de la carga de la informaci\u00f3n del correo electr\u00f3nico."}], "lastModified": "2024-11-21T09:18:45.537", "sourceIdentifier": "cve@mitre.org"}