
Description: SQL Injection vulnerability in HSC Cybersecurity HSC Mailinspector v.5.2.17-3 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameter in the mliWhiteList.php component.


chucrutis/CVE-2024-32369


CVE-2024-32369

Description: SQL Injection vulnerability in HSC Cybersecurity HSC Mailinspector v.5.2.17-3 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameter in the mliWhiteList.php component.

Versions: Discovered in HSC Mailinspector 5.2.17-3 but applicable to all versions up to 5.2.18.

Proof of Concept

The SQL injection occurs in the limit parameter of the application's request payload. Specifically, a request carrying the payload exec=fetch&start=0&limit=30' demonstrates the injection through the trailing single quote in limit.

Payload: exec=fetch&start=0&limit=30'

Vulnerable Parameter:

  • Parameter: limit
  • Payload: exec=fetch&start=0&limit=30'
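
Mitigation sketch for the start and limit parameters, added here as an example and not taken from Mailinspector or from this repository: both values are validated as bounded integers and bound as integers in a prepared statement, so the request body above is rejected before any SQL runs. The whitelist table, its columns, the 500-row cap and the function names are assumptions, and the demo uses an in-memory SQLite database with constructed rows.

```php
<?php
declare(strict_types=1);

// Hypothetical handler: table, column and function names are assumed,
// not Mailinspector's own.

/** Return a form field as a bounded integer, or throw on anything else. */
function int_param(array $form, string $name, int $min, int $max): int
{
    $value = filter_var($form[$name] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    if ($value === false) {   // missing, array-valued, "30'", "30 OR 1=1", ...
        throw new InvalidArgumentException("invalid $name");
    }
    return $value;
}

function fetch_page(PDO $db, array $form): array
{
    $start = int_param($form, 'start', 0, PHP_INT_MAX);
    $limit = int_param($form, 'limit', 1, 500);   // assumed page-size cap

    // LIMIT/OFFSET are bound as integers, never concatenated into the query.
    $stmt = $db->prepare(
        'SELECT id, address FROM whitelist ORDER BY id LIMIT :limit OFFSET :start');
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->bindValue(':start', $start, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE whitelist (id INTEGER PRIMARY KEY, address TEXT)');
$db->exec("INSERT INTO whitelist (address) VALUES ('a@example.com'), ('b@example.com')");

// A normal request body, then the body from the proof of concept.
foreach (["exec=fetch&start=0&limit=30", "exec=fetch&start=0&limit=30'"] as $body) {
    parse_str($body, $form);
    try {
        printf("%s -> %d rows\n", $body, count(fetch_page($db, $form)));
    } catch (InvalidArgumentException $e) {
        printf("%s -> rejected (%s)\n", $body, $e->getMessage());
    }
}
```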

