An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component.
An attacker sends a specially crafted payload to the id parameter in the mliSystemUsers.php component. The vulnerability is classified as CWE-782 (access to sensitive resources through inadequately protected interface), which suggests a lack of proper access control when processing the id parameter value. As a result, it is possible to gain access to system user data without requiring privileges.
An attacker can obtain sensitive information stored in the system, including potentially user account data. The lack of authentication requirement means the attack can be carried out by any person with network access.
Patches available from the vendor should be applied in accordance with the references. Additionally, it is recommended to restrict network access to the Mailinspector administrative interface to trusted IP addresses.
HSC Cybersecurity HC Mailinspector in versions 5.2.17-3 through 5.2.18
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HHsclabs Mailinspector
APPHsclabs5.2.17-3 – 5.2.19 (bez)
Related vulnerabilities
HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input...
HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of u...
An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escala...
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vuln...
HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting (XSS) in the /police/WarningUrlPage.php endpoi...