HSC MailInspector
- v5.3.3-7
A local file inclusion (LFI) vulnerability has been identified in HSC MailInspector version 5.3.3-7. This vulnerability arises from inadequate validation and sanitization of user-supplied file paths in the endpoint '/vendor/phpunit/phpunit.php'. The flaw allows remote attackers to exploit path traversal techniques to access and read arbitrary files from the server's operating system and application directories, potentially leading to unauthorized disclosure of sensitive information.
Exploitation of this vulnerability could allow attackers to read sensitive files from the server, such as credentials, API keys, or database connection details. This information could be used to gain insight into the server's internal architecture or to facilitate more severe attacks.
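For triage, the following added example (not part of the advisory or of any vendor code) scans web server access logs for requests to the affected endpoint whose query string contains path traversal sequences, including percent-encoded and double-encoded forms. It assumes combined-format access logs; the sample log lines are constructed and the parameter name `f` is hypothetical, since the advisory does not name the vulnerable parameter.

```python
import re
from urllib.parse import urlsplit, unquote

ENDPOINT = "/vendor/phpunit/phpunit.php"  # endpoint named in the advisory
# Client IP, request target and status from a combined-format log entry.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# ".." used as a path segment: preceded by start, a separator, "=" or "&".
TRAVERSAL_RE = re.compile(r'(^|[\\/=&])\.\.([\\/]|$)')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal_requests(lines):
    """Return (ip, status, decoded_query) for endpoint hits carrying '../' sequences."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if fully_decode(parts.path).lower() != ENDPOINT:
            continue
        query = fully_decode(parts.query)
        if TRAVERSAL_RE.search(query):
            hits.append((m.group("ip"), int(m.group("status")), query))
    return hits

# Constructed sample log lines; the parameter name "f" is hypothetical.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /vendor/phpunit/phpunit.php?f=..%2f..%2fSAMPLE.conf HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /vendor/phpunit/phpunit.php?f=%252e%252e%252fSAMPLE.conf HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?page=inbox HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "GET /vendor/phpunit/phpunit.php HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, status, query in find_traversal_requests(SAMPLE_LOG):
        print(f"{ip} status={status} query={query}")
```

A flagged request that returned status 200 deserves the closest review, because it suggests the server answered the request rather than rejecting it.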