CRITICAL🇵🇱 Wersja polska

CVE-2024-32370

CVSS 9.8v3.1pub. 2024-05-07upd. 2025-06-17

An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component.

🤖 AI Analysis
How it works

An attacker sends a specially crafted payload to the id parameter in the mliSystemUsers.php component. The vulnerability is classified as CWE-782 (access to sensitive resources through inadequately protected interface), which suggests a lack of proper access control when processing the id parameter value. As a result, it is possible to gain access to system user data without requiring privileges.

Impact

An attacker can obtain sensitive information stored in the system, including potentially user account data. The lack of authentication requirement means the attack can be carried out by any person with network access.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references. Additionally, it is recommended to restrict network access to the Mailinspector administrative interface to trusted IP addresses.

Who is affected

HSC Cybersecurity HC Mailinspector in versions 5.2.17-3 through 5.2.18

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Hsclabs Mailinspector

    APP
    Hsclabs
    5.2.17-3 – 5.2.19 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-29963HIGH7.5ten sam produkt

HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input...

CVE-2026-29962HIGH7.5ten sam produkt

HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of u...

CVE-2024-32371HIGH7.5ten sam produkt

An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escala...

CVE-2024-34470HIGH8.6ten sam produkt

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vuln...

CVE-2026-29965MEDIUM6.1ten sam produkt

HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting (XSS) in the /police/WarningUrlPage.php endpoi...