PT-2024-25922 · Unknown · Hc Mailinspector

Osvaldotenorio · Published 2024-05-06 · Updated 2024-07-03 · CVE-2024-34471

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions

HSC Mailinspector version 5.2.17-3

Description

A Path Traversal issue exists in the mliRealtimeEmails.php file. Because the export HTML functionality does not properly validate the file location supplied in the filename parameter, an attacker can read and delete arbitrary files on the server. This can disrupt the loading of email information, as observed when the mliRealtimeEmails.php file itself was read and subsequently deleted, leading to a 404 error.

Recommendations

For HSC Mailinspector version 5.2.17-3, consider disabling the export HTML functionality in the mliRealtimeEmails.php file until a patch is available, to prevent exploitation of the Path Traversal vulnerability. Restrict access to the mliRealtimeEmails.php file to minimize the risk of arbitrary file deletion. Avoid using the filename parameter in the export HTML functionality until the issue is resolved.
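
For triage while the export functionality is still reachable, the following added example (not part of the advisory and not vendor code) scans web access logs for requests to mliRealtimeEmails.php whose filename parameter leaves its directory, and for 404 responses on the file itself, the symptom noted in the description. It assumes combined-format access logs and that filename arrives in the query string; the addresses, the /mailinspector/ prefix and the file names in the sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

TARGET = "mliRealtimeEmails.php"  # file named in the advisory
PARAM = "filename"                # parameter named in the advisory
# Assumption: combined-format access log, parameter sent in the query string.
REQ_RE = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Constructed sample lines (addresses, /mailinspector/ prefix and file names are made up).
SAMPLE_LOG = [
    '198.51.100.7 - - [06/May/2024:10:00:01 +0000] "GET /mailinspector/mliRealtimeEmails.php?filename=report.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [06/May/2024:10:00:09 +0000] "GET /mailinspector/mliRealtimeEmails.php?filename=..%2F..%2Fconf%2Fapp.ini HTTP/1.1" 200 812',
    '198.51.100.7 - - [06/May/2024:10:00:15 +0000] "GET /mailinspector/mliRealtimeEmails.php?filename=%252e%252e%252fmliRealtimeEmails.php HTTP/1.1" 200 0',
    '203.0.113.9 - - [06/May/2024:10:01:00 +0000] "GET /mailinspector/mliRealtimeEmails.php HTTP/1.1" 404 196',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True for a dot-dot path segment, an absolute path, a drive letter or a NUL byte."""
    v = fully_decode(value).replace("\\", "/")
    if "\x00" in v or v.startswith("/") or re.match(r"^[A-Za-z]:", v):
        return True
    return ".." in v.split("/")

def scan(lines):
    """Return (hits, gone): traversal requests to TARGET, and line numbers where TARGET gave 404."""
    hits, gone = [], []
    for no, line in enumerate(lines, 1):
        m = REQ_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m["uri"])
        if not parts.path.endswith("/" + TARGET):
            continue
        if m["status"] == "404":
            gone.append(no)  # the file itself is missing, as in the advisory's description
        for key, val in parse_qsl(parts.query, keep_blank_values=True):
            if key == PARAM and is_traversal(val):
                hits.append((no, int(m["status"]), fully_decode(val)))
    return hits, gone

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A hit followed by 404s on the same file is the pattern to escalate; if the application sends filename in a POST body, the same check has to run over request-body logging instead.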

Exploit · Fix · Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-34471

Affected Products

Hc Mailinspector