2023-10-17

EasyUse MailHunter Ultimate - Exposure of Sensitive System Information to an Unauthorized Control Sphere

ZUSOART ID ZA-2023-06
CVE ID CVE-2023-34209
Vulnerability Type CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVSS CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N (5.0)
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function of EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter.
Vendor EasyUse Digital Technology
Product
Category Version affected
EasyUse MailHunter Ultimate 2023 and earlier
Product Support Contact EasyUse Digital Technology for version updates.
Release date 2023/10/17
Credit Yi-Lin Ho (Leo Ho) of ZUSO ART
top