NVD:CVE-2024-34472
May 06, 2024 - 3:15 p.m.

CVE-2024-34472

2024-05-06 15:15:24
web.nvd.nist.gov
hsc mailinspector
sql injection
authenticated
potential disclosure
application database

AI Score: 7.7 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

An issue was discovered in HSC Mailinspector 5.2.17-3 through 5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php is not properly sanitized, allowing an authenticated attacker to execute arbitrary SQL commands, leading to the potential disclosure of the entire application database.

