5 matches found
CVE-2022-35223
CVE-2022-35223 affects EasyUse MailHunter Ultimate via its cookie deserialization function. The root cause is inadequate validation during deserializing cookies containing a malicious payload, enabling an unauthenticated remote attacker to execute arbitrary code, manipulate system commands, or in...
CVE-2023-34208
The CVE-2023-34208 entry concerns a path traversal vulnerability in the create template function of EasyUse MailHunter Ultimate (versions 2023 and earlier). A crafted ZIP archive could let an authenticated remote user extract files to arbitrary directories, exposing sensitive data (impact to conf...
CVE-2023-34207
Summary: CVE-2023-34207 affects EasyUse MailHunter Ultimate (versions 2023 and earlier). The issue is an unrestricted upload of file with dangerous type in the create template function, enabling remote authenticated users to run arbitrary system commands with NT Authority\SYSTEM privileges via a ...
CVE-2023-34209
CVE-2023-34209 affects EasyUse MailHunter Ultimate (2023 and earlier). A flaw in the create template function allows remote authenticated users to view the absolute path by an unencrypted VIEWSTATE parameter. The issue exposes sensitive system information to an unauthorized control sphere, with i...
CVE-2023-34210
CVE-2023-34210 affects EasyUse MailHunter Ultimate (versions 2023 and earlier). The vulnerability is an SQL injection in the create customer group function via the ctl00$ContentPlaceHolder1$txtCustSQL parameter, exploitable by remote authenticated users to execute arbitrary SQL commands. Public d...