{"uuid": "5b419d66-2075-4fe6-b84e-d77067b58459", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34470", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/1194", "content": "\ud83d\udea8POC RELEASED\ud83d\udea8CVE-2024-34470 \"A critical vulnerability has been found in HSC Mailinspector up to version 5.2.18. This vulnerability affects an unknown functionality of the file /public/loader.php. Manipulating the 'path' argument with an unknown input leads to a path traversal vulnerability. According to CWE, this issue is classified as CWE-22.\n\nThe product uses external input to construct a pathname intended to identify a file or directory located beneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location outside of the restricted directory. This affects confidentiality, integrity, and availability.\"\n\nhttps://x.com/DarkWebInformer/status/1803905811229352212", "creation_timestamp": "2024-06-20T23:41:59.000000Z"}