CVE-2024-34470

HIGH · NUCLEI

HSC Mailinspector <5.2.18 - Path Traversal

Exploitation Summary

EIP tracks 5 public exploits for CVE-2024-34470. PoCs published by Mr-r00t11, bigb0x, th3gokul. A Nuclei detection template is also available.

AI-analyzed exploit summary: The repository contains functional exploit code for CVE-2024-34470, a path traversal vulnerability in HSC MailInspector up to version 5.2.18. The exploit leverages the 'path' parameter in /public/loader.php to read arbitrary files, demonstrated by fetching /etc/passwd.

Description

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.

Exploits (5)

nomisec WORKING POC 5 stars
by Mr-r00t11 · poc
https://github.com/Mr-r00t11/CVE-2024-34470

The repository contains functional exploit code for CVE-2024-34470, a path traversal vulnerability in HSC MailInspector up to version 5.2.18. The exploit leverages the 'path' parameter in /public/loader.php to read arbitrary files, demonstrated by fetching /etc/passwd.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: HSC MailInspector <= 5.2.18
Auth: No auth needed
Prerequisites: Network access to the target · Target running vulnerable HSC MailInspector version
devstral-2 · analyzed Feb 18, 2026
nomisec SCANNER 5 stars
by bigb0x · poc
https://github.com/bigb0x/CVE-2024-34470

The repository contains a Python script that scans for CVE-2024-34470, a path traversal vulnerability in HSC Mailinspector. It checks for the presence of '/etc/passwd' via a crafted request to '/public/loader.php' but does not include exploit code for command injection or further exploitation.

Classification: Scanner 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: HSC Mailinspector up to version 5.2.18
Auth: No auth needed
Prerequisites: Network access to the target · Target running vulnerable HSC Mailinspector
devstral-2 · analyzed Feb 18, 2026
nomisec WORKING POC 3 stars
by th3gokul · poc
https://github.com/th3gokul/CVE-2024-34470

The repository contains a functional exploit tool for CVE-2024-34470, an unauthenticated path traversal vulnerability in HSC Mailinspector. The tool sends crafted HTTP requests to retrieve sensitive files (e.g., /etc/passwd) and supports asynchronous scanning with threading and proxy options.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: HSC Mailinspector
Auth: No auth needed
Prerequisites: Network access to the target HSC Mailinspector instance
devstral-2 · analyzed Feb 18, 2026
nomisec SCANNER 2 stars
by Cappricio-Securities · poc
https://github.com/Cappricio-Securities/CVE-2024-34470

This repository contains a scanner for CVE-2024-34470, a Local File Inclusion (LFI) vulnerability in HSC Mailinspector. It checks for vulnerable endpoints by sending crafted requests and verifying responses for the presence of '/etc/passwd' content.

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: HSC Mailinspector 5.2.17-3 through 5.2.18
Auth: No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 18, 2026
nomisec WORKING POC 1 star
by osvaldotenorio · poc
https://github.com/osvaldotenorio/CVE-2024-34470

This repository provides a functional proof-of-concept for CVE-2024-34470, demonstrating a path traversal vulnerability in HSC Mailinspector's `/public/loader.php` file. The exploit allows unauthenticated users to read arbitrary files on the server by manipulating the `path` parameter.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: HSC Mailinspector 5.2.17-3 and below
Auth: No auth needed
Prerequisites: Access to the target server's `/mailinspector/public/loader.php` endpoint
devstral-2 · analyzed Feb 18, 2026

Nuclei Templates (1)

HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion
HIGH · VERIFIED · by topscoder
FOFA: mailinspector/public

References (1)

Core References (1)
Exploit, Third Party Advisory
https://github.com/osvaldotenorio/CVE-2024-34470

Scores

CVSS v3 8.6
EPSS 0.0675
EPSS Percentile 93.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-29
Status published
Products (1)
hsclabs/mailinspector 5.2.17-3 - 5.2.19
Published May 06, 2024
Tracked Since Feb 18, 2026