Chucrutis

**Name of the Vulnerable Software and Affected Versions** HSC Cybersecurity HC Mailinspector versions 5.2.17-3 through 5.2.18 **Description** An issue in HSC Cybersecurity HC Mailinspector allows a remote attacker to obtain sensitive information via a crafted payload to the `id` parameter in the mliSystemUsers.php component. **Recommendations** For versions 5.2.17-3 through 5.2.18, consider restricting access to the mliSystemUsers.php component to minimize the risk of exploitation. As a temporary workaround, avoid using the `id` parameter in the affected component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** HSC Cybersecurity HC Mailinspector versions 5.2.17-3 through 5.2.18 **Description** The issue allows a remote attacker to obtain sensitive information via a crafted payload to the `start` and `limit` parameters in the "mliWhiteList.php" component. This enables the attacker to extract data by manipulating these parameters. **Recommendations** For HSC Cybersecurity HC Mailinspector versions 5.2.17-3 through 5.2.18, consider restricting access to the "mliWhiteList.php" component until a patch is available. As a temporary workaround, avoid using the `start` and `limit` parameters in the affected component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HSC Cybersecurity HC Mailinspector versions 5.2.17-3 through 5.2.18 **Description** The issue allows a regular user account to escalate their privileges and gain administrative access by changing the `type` parameter from 1 to 0. **Recommendations** For versions 5.2.17-3 through 5.2.18, consider restricting access to the parameter `type` to prevent privilege escalation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.