CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-34472

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an authenticated attacker to execute arbitrary SQL commands, leading to the potential disclosure of the entire application database.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.8%

CVSS Severity

CVSS v3 Score 5.9

References

https://github.com/osvaldotenorio/CVE-2024-34472
https://github.com/osvaldotenorio/CVE-2024-34472

Products affected by CVE-2024-34472

Hsclabs » Mailinspector » Version: 5.2.17-3

cpe:2.3:a:hsclabs:mailinspector:5.2.17-3
Hsclabs » Mailinspector » Version: 5.2.18

cpe:2.3:a:hsclabs:mailinspector:5.2.18

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-34472

Products

Pricing

Contact Us