CVE-2023-34209 MEDIUM

CVE-2023-34209: Exposure of Sensitive System Information to an Unauthorized Control Sphere in EasyUse MailHunter Ultimate

Vendor Easyuse Digital Technology
Product MailHunter Ultimate
Weakness CWE-497
Published October 17, 2023
Last update September 13, 2024

CVSS base score

5.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter.

Key dates

02Disclosure timeline

October 17, 2023 CVE published
September 13, 2024 Record updated