An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.

Related CVEs

CVE-2024-34470

Key Information

GHSA ID

GHSA-fv57-985w-x39v

Published

May 6, 2024 3:30 PM

Last Modified

July 3, 2024 6:39 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 27, 2025 6:21 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.