An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.
[
{
"cpes": [
"cpe:2.3:a:hsc:Mailinspector:*:*:*:*:*:*:*:*"
],
"vendor": "hsc",
"product": "Mailinspector",
"versions": [
{
"status": "affected",
"version": "*"
}
],
"defaultStatus": "unknown"
}
]