Mailhunter Ultimate Security Vulnerabilities and Issues — Mailhunter Ultimate CVE List

Lucene search

EasyuseMailhunter Ultimate

5 matches found

CVE•added 2022/08/02 4:15 p.m.•50 views

CVE-2022-35223

EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate s...

9.8CVSS10AI score0.01839EPSS

CVE•added 2023/10/17 4:15 a.m.•49 views

CVE-2023-34207

Unrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system commands with ‘NT Authority\SYSTEM‘ privilege via a crafted ZIP archive.

9.9CVSS8.8AI score0.00293EPSS

CVE•added 2023/10/17 4:15 a.m.•47 views

CVE-2023-34208

Path Traversal in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive.

6.5CVSS6.2AI score0.00089EPSS

CVE•added 2023/10/17 5:15 a.m.•33 views

CVE-2023-34209

Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter.

5CVSS4.5AI score0.00079EPSS

CVE•added 2023/10/17 5:15 a.m.•32 views

CVE-2023-34210

SQL Injection in create customer group function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter.

8.8CVSS8.3AI score0.00054EPSS