CVE-2024-34470

Name of the Vulnerable Software and Affected Versions HSC Mailinspector versions 5.2.17-3 through 5.2.18

Description An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.

Recommendations For HSC Mailinspector versions 5.2.17-3 through 5.2.18, as a temporary workaround, consider restricting access to the /public/loader.php file until a patch is available. Avoid using the path parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.