Description: An Unauthenticated user can abuse Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.
Versions: Discovered in HSC Mailinspector 5.2.17-3 but applicable to all versions up to 5.2.18.
By adding ../ to the file path, it's possible to traverse directories and read any files in the operating system with read permission:
Payload:
/mailinspector/public/loader.php?path=../../../../../../../etc/passwd
