CVE-2024-34470
Published 2024-05-06. CVE-2024-34470: An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file…
Priority: P266 · Severity: high · CVSS 3.1 base score: 8.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Exploit: available
EPSS: 6.70% (93.1st percentile)
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hsclabs | mailinspector | >= 5.2.17-3 < 5.2.19 | 5.2.19 |
Detection & IOCs (extracted from sources)
YARA
```yara
rule CVE_2024_34470_LFI {
    strings:
        $traversal = "/mailinspector/public/loader.php?path="
        $passwd = "root:"
    condition:
        $traversal and $passwd
}
```

- Look for unauthenticated GET requests to /mailinspector/public/loader.php containing path traversal sequences (e.g., '../') in the 'path' parameter.
- Successful exploitation returns HTTP 200 with content matching 'root:.*:0:0:' in the response body, indicating /etc/passwd disclosure.
- Fingerprint HSC Mailinspector instances by searching for the string 'Licensed to HSC TREINAMENTO' in the login page body at /mailinspector/login.php.
- Use FOFA query 'mailinspector/public' to identify exposed HSC Mailinspector instances on the internet.
- The vulnerability affects HSC Mailinspector versions 5.2.17-3 through 5.2.18 only; versions outside this range are not confirmed vulnerable.
- Exploitation requires no authentication (PR:N, UI:N), meaning the attack surface is fully exposed on any network-reachable instance.
- The Nuclei template uses a two-step flow: first confirming the HSC Mailinspector fingerprint, then triggering the path traversal; both steps must succeed for a confirmed positive.
No detection rules found.
Nuclei
HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion
Nuclei · CVSS 8.6
CVE-2024-34470 [HIGH] HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion
An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.
Template:

```yaml
id: CVE-2024-34470

info:
  name: HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion
  author: topscoder
  severity: high
  description: |
    An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.
  impact: |
    Unauthenticated attackers can exploit path traversal to read ar
```
No writeups or analysis indexed.
Published: 2024-05-06