Hsclabs Mailinspector vulnerabilities
10 known vulnerabilities affecting hsclabs/mailinspector.
Total CVEs: 10
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 5
Vulnerabilities
CVE-2024-34470 | P2 | HIGH | CVSS 8.6 | PoC | CWE-29 | ≥ 5.2.17-3, < 5.2.19 | 2024-05-06
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.
nvd
CVE-2026-29963 | P3 | HIGH | CVSS 7.5 | CWE-22 | v5.3.3-7 | 2026-05-18
HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this flaw to access arbitrary files on the underlying operati
nvd
CVE-2026-29962 | P3 | HIGH | CVSS 7.5 | CWE-73 | v5.3.3-7 | 2026-05-18
HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization, or path restriction. This allows a remote attacker to
nvd
CVE-2024-32371 | P3 | HIGH | CVSS 7.5 | CWE-20 | ≥ 5.2.17-3, < 5.2.19 | 2024-05-07
An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0.
nvd
CVE-2024-32370 | P3 | CRITICAL | CVSS 9.8 | CWE-782 | ≥ 5.2.17-3, < 5.2.19 | 2024-05-07
An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component.
nvd
CVE-2024-34472 | P3 | MEDIUM | CVSS 5.5 | CWE-89 | ≥ 5.2.17-3, < 5.2.19 | 2024-05-06
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an authenticated attacker to execute arbitrary SQL commands, l
nvd
CVE-2024-34471 | P3 | MEDIUM | CVSS 5.4 | CWE-22 | ≥ 5.2.17-3, ≤ 5.2.18 | 2024-05-06
An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete arbitrary files on the server. This was observed when
nvd
CVE-2026-29964 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v5.3.3-7 | 2026-05-18
HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting (XSS) vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaScript syntax. The endpoint reflects unsanitized user input in HTTP responses without adequate output encoding, allowing a remote attacker to execute arbi
nvd
CVE-2026-29965 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v5.3.3-7 | 2026-05-18
HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting (XSS) in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscated JavaScript syntax.
nvd
CVE-2024-32369 | P4 | MEDIUM | CVSS 4.3 | CWE-89 | ≥ 5.2.17-3, < 5.2.19 | 2024-05-07
SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameter in the mliWhiteList.php component.
nvd