Lucene search

ZUSO ARTCVELIST:CVE-2023-34208

HistoryOct 17, 2023 - 4:00 a.m.

CVE-2023-34208 Path Traversal in EasyUse MailHunter Ultimate

2023-10-1704:00:05

CWE-22

ZUSO ART

www.cve.org

cve-2023-34208

path traversal

easyuse mailhunter

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.9%

JSON

Path Traversal in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "MailHunter Ultimate",
    "vendor": "EasyUse Digital Technology",
    "versions": [
      {
        "lessThanOrEqual": "2023",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

zuso.ai/Advisory/ZA-2023-05

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.9%

JSON

Related for CVELIST:CVE-2023-34208