
Exploit for HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion (CVE-2024-34470)

Description:

An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.
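
For defenders reviewing web server logs, the check the endpoint is missing can be applied after the fact. The script below is an added example, not code from the vendor or from the referenced repositories: it resolves each logged path value the way a filesystem would and reports requests that land outside the webroot. The webroot location, the base directory for relative values, the log format and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/public/loader.php"   # endpoint named in the description above
PARAM = "path"                    # parameter named in the description above
WEBROOT = "/var/www/html"         # assumption: set to the appliance's real webroot
BASE = WEBROOT + "/public"        # assumption: relative values resolve from here
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /public/loader.php?path=css/login.css HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /public/loader.php?path=../../../../tmp/constructed.txt HTTP/1.1" 200 40',
    '198.51.100.23 - - [01/Jan/2025:10:00:09 +0000] "GET /public/loader.php?path=%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252ftmp%252fconstructed.txt HTTP/1.1" 200 40',
    '203.0.113.5 - - [01/Jan/2025:10:00:12 +0000] "GET /index.php?path=../x HTTP/1.1" 404 0',
]

def resolve(value):
    """Undo nested URL-encoding, then normalise the value against BASE."""
    for _ in range(3):  # bounded loop: catches double and triple encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\\", "/")
    # join() lets an absolute value replace BASE, as a filesystem open would
    return posixpath.normpath(posixpath.join(BASE, value))

def find_traversal(lines):
    """Return (client_ip, resolved_path) for loader.php requests that leave WEBROOT."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith(ENDPOINT):  # the app may sit under a URL prefix
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            resolved = resolve(value)
            if resolved != WEBROOT and not resolved.startswith(WEBROOT + "/"):
                hits.append((line.split()[0], resolved))
    return hits

if __name__ == "__main__":
    for ip, path in find_traversal(SAMPLE_LOG):
        print(f"{ip} requested {path} (outside {WEBROOT})")
```

A hit with a 200 status and a non-trivial response size is the case to triage first, since it indicates file contents were returned.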

Nuclei Template

View the template here: CVE-2024-34470.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-34470.yaml

References:

https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/osvaldotenorio/CVE-2024-34470
https://github.com/nomi-sec/PoC-in-GitHub
https://nvd.nist.gov/vuln/detail/CVE-2024-34470