CVE-2024-34471

An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete arbitrary files on the server. This was observed when the mliRealtimeEmails.php file itself was read and subsequently deleted, resulting in a 404 error for the file and disruption of email information loading.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/osvaldotenorio/CVE-2024-34471
https://github.com/osvaldotenorio/CVE-2024-34471

Configurations

No configuration.

History

No history.

Information

Published : 2024-05-06 16:15

Updated : 2024-11-21 09:18

NVD link : CVE-2024-34471

Mitre link : CVE-2024-34471

CVE.ORG link : CVE-2024-34471

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2024-34471", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2024-05-06T16:15:14.137", "references": [{"url": "https://github.com/osvaldotenorio/CVE-2024-34471", "source": "cve@mitre.org"}, {"url": "https://github.com/osvaldotenorio/CVE-2024-34471", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete arbitrary files on the server. This was observed when the mliRealtimeEmails.php file itself was read and subsequently deleted, resulting in a 404 error for the file and disruption of email information loading."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en HSC Mailinspector 5.2.17-3. Existe una vulnerabilidad de Path Traversal (que provoca la eliminaci\u00f3n de archivos) en el archivo mliRealtimeEmails.php. El par\u00e1metro de nombre de archivo en la funcionalidad de exportaci\u00f3n HTML no valida correctamente la ubicaci\u00f3n del archivo, lo que permite a un atacante leer y eliminar archivos arbitrarios en el servidor. Esto se observ\u00f3 cuando el archivo mliRealtimeEmails.php fue le\u00eddo y posteriormente eliminado, lo que result\u00f3 en un error 404 para el archivo y la interrupci\u00f3n de la carga de la informaci\u00f3n del correo electr\u00f3nico."}], "lastModified": "2024-11-21T09:18:45.537", "sourceIdentifier": "cve@mitre.org"}