CVE-2024-34471

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

A

n issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete arbitrary files on the server. This was observed when the mliRealtimeEmails.php file itself was read and subsequently deleted, resulting in a 404 error for the file and disruption of email information loading.

References

Link	Resource
https://github.com/osvaldotenorio/CVE-2024-34471	Exploit
https://github.com/osvaldotenorio/CVE-2024-34471	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:hsclabs:mailinspector:*:*:*:*:*:*:*:*

History

17 Jun 2025, 17:13

Type	Values Removed	Values Added
First Time		Hsclabs mailinspector Hsclabs
References	~~() https://github.com/osvaldotenorio/CVE-2024-34471 -~~	() https://github.com/osvaldotenorio/CVE-2024-34471 - Exploit
CPE		cpe:2.3:a:hsclabs:mailinspector::::::::

21 Nov 2024, 09:18

Type	Values Removed	Values Added
References	~~() https://github.com/osvaldotenorio/CVE-2024-34471 -~~	() https://github.com/osvaldotenorio/CVE-2024-34471 -

03 Jul 2024, 02:00

Type	Values Removed	Values Added
CWE		CWE-22
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.4

06 May 2024, 19:53

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-06 16:15

Updated : 2025-06-17 17:13

NVD link : CVE-2024-34471

Mitre link : CVE-2024-34471

CVE.ORG link : CVE-2024-34471

JSON object : View

Products Affected

mailinspector

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2024-34471", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2024-05-06T16:15:14.137", "references": [{"url": "https://github.com/osvaldotenorio/CVE-2024-34471", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "https://github.com/osvaldotenorio/CVE-2024-34471", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete arbitrary files on the server. This was observed when the mliRealtimeEmails.php file itself was read and subsequently deleted, resulting in a 404 error for the file and disruption of email information loading."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en HSC Mailinspector 5.2.17-3. Existe una vulnerabilidad de Path Traversal (que provoca la eliminaci\u00f3n de archivos) en el archivo mliRealtimeEmails.php. El par\u00e1metro de nombre de archivo en la funcionalidad de exportaci\u00f3n HTML no valida correctamente la ubicaci\u00f3n del archivo, lo que permite a un atacante leer y eliminar archivos arbitrarios en el servidor. Esto se observ\u00f3 cuando el archivo mliRealtimeEmails.php fue le\u00eddo y posteriormente eliminado, lo que result\u00f3 en un error 404 para el archivo y la interrupci\u00f3n de la carga de la informaci\u00f3n del correo electr\u00f3nico."}], "lastModified": "2025-06-17T17:13:49.083", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hsclabs:mailinspector:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA0B7E15-A3DF-485A-AA44-F8501894C017", "versionEndIncluding": "5.2.18", "versionStartIncluding": "5.2.17-3"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}