CVE-2024-34472
May 6, 2024, 4 p.m.
Tags
Product(s) Impacted
HSC Mailinspector
- 5.2.17-3
- 5.2.18
Description
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an authenticated attacker to execute arbitrary SQL commands, leading to the potential disclosure of the entire application database.
Weaknesses
Date
Published: May 6, 2024, 3:15 p.m.
Last Modified: May 6, 2024, 4 p.m.
Status : Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
More infoSource
cve@mitre.org