CVE-2022-35223 CRITICAL

CVE-2022-35223: EasyUse MailHunter Ultimate - Deserialization of Untrusted Data

Vendor: EasyUse
Product: MailHunter Ultimate
Weakness: CWE-502 · Unsafe deserialization
Published: August 2, 2022
Last update: September 17, 2024

CVSS base score

9.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

EasyUse MailHunter Ultimate's cookie deserialization function does not adequately validate its input. Deserializing a cookie that contains a malicious payload triggers this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate system commands, or interrupt service.

Key dates

02 Disclosure timeline

August 2, 2022: CVE published
September 17, 2024: Record updated