CVE-2024-34472

MEDIUM

HSC Mailinspector <5.2.18 - Authenticated SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-34472. PoCs published by osvaldotenorio.

AI-analyzed exploit summary The repository provides a detailed technical analysis of a Blind SQL injection vulnerability in HSC Mailinspector's `mliRealtimeEmails.php` file, specifically targeting the `ordemGrid` parameter. It includes proof of concept details and screenshots demonstrating the vulnerability.

Description

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an authenticated attacker to execute arbitrary SQL commands, leading to the potential disclosure of the entire application database.

Exploits (1)

nomisec WRITEUP
by osvaldotenorio · poc
https://github.com/osvaldotenorio/CVE-2024-34472

The repository provides a detailed technical analysis of a Blind SQL injection vulnerability in HSC Mailinspector's `mliRealtimeEmails.php` file, specifically targeting the `ordemGrid` parameter. It includes proof of concept details and screenshots demonstrating the vulnerability.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: HSC Mailinspector up to 5.2.18
Auth required
Prerequisites: Authenticated access to the application
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory
https://github.com/osvaldotenorio/CVE-2024-34472

Scores

CVSS v3 5.5
EPSS 0.0065
EPSS Percentile 46.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
hsclabs/mailinspector 5.2.17-3 - 5.2.19
Published May 06, 2024
Tracked Since Feb 18, 2026