CVE-2024-32369

Description: SQL Injection vulnerability in HSC Cybersecurity HSC Mailinspector v.5.2.17-3 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameters in the mliWhiteList.php component.

Versions: Discovered in HSC Mailinspector 5.2.17-3 but applicable to all versions up to 5.2.18.

Proof of Concept

The SQL injection occurs in the limit parameter of the application's request payload. Specifically, the request body exec=fetch&start=0&limit=30', which ends in a single quote, is susceptible to SQL injection.

Payload: exec=fetch&start=0&limit=30'

Vulnerable Parameter:

  • Parameter: limit
  • Payload: exec=fetch&start=0&limit=30'
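
As an added example (not from the original README and not HSC Mailinspector code), one way a PHP endpoint can handle pagination parameters such as start and limit defensively is strict integer validation followed by integer-typed bound parameters. The whitelist table, its columns, the 500-row cap and the function names are assumptions, and an in-memory SQLite database stands in for the product's unknown backend.

```php
<?php
declare(strict_types=1);

// Hypothetical pagination helper; table, columns and limits are assumptions.

/** Accept only a decimal integer within [$min, $max]; reject everything else. */
function pageInt(array $req, string $key, int $min, int $max): int
{
    $v = filter_var($req[$key] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    if ($v === false) {
        throw new InvalidArgumentException("invalid $key");
    }
    return $v;
}

function fetchWhitelist(PDO $db, array $req): array
{
    $start = pageInt($req, 'start', 0, PHP_INT_MAX);
    $limit = pageInt($req, 'limit', 1, 500);
    // The generic unsafe pattern this replaces is request text concatenated
    // into the statement, e.g. "... LIMIT " . $req['limit'].
    $stmt = $db->prepare(
        'SELECT id, sender FROM whitelist ORDER BY id LIMIT :limit OFFSET :start');
    // Bind as integers: with emulated prepares, a string binding would be
    // quoted and LIMIT/OFFSET would fail or tempt a fallback to concatenation.
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->bindValue(':start', $start, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE whitelist (id INTEGER PRIMARY KEY, sender TEXT)');
$ins = $db->prepare('INSERT INTO whitelist (sender) VALUES (?)');
foreach (['a@example.com', 'b@example.com', 'c@example.com'] as $s) {
    $ins->execute([$s]);
}

// Constructed requests: a well-formed body and the body shape reported above.
foreach (["exec=fetch&start=0&limit=2", "exec=fetch&start=0&limit=30'"] as $body) {
    parse_str($body, $req);
    try {
        printf("%s -> %d rows\n", $body, count(fetchWhitelist($db, $req)));
    } catch (InvalidArgumentException $e) {
        printf("%s -> rejected (%s)\n", $body, $e->getMessage());
    }
}
```

Rejecting the request outright, rather than casting with (int), also leaves a clear event to log and alert on when a non-numeric value arrives in a pagination field.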
