CVE-2023-34210 HIGH

CVE-2023-34210: SQL Injection in EasyUse MailHunter Ultimate

Vendor Easyuse Digital Technology
Product MailHunter Ultimate
Weakness CWE-89 · SQLi
Published October 17, 2023
Last update September 13, 2024

CVSS base score

7.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01 Description

SQL injection in the create customer group function of EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter.

Key dates

02 Disclosure timeline

October 17, 2023 CVE published
September 13, 2024 Record updated