Advisory

漏洞通報

2023-10-17

EasyUse MailHunter Ultimate - Unrestricted Upload of File with Dangerous Type

ZUSOART ID ZA-2023-04
CVE ID CVE-2023-34207
Vulnerability Type CWE-434 Unrestricted Upload of File with Dangerous Type
CVSS CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H (9.9)
Description Unrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system commands with ‘NT Authority\SYSTEM‘ privilege via a crafted ZIP archive.
Vendor EasyUse Digital Technology
Product
Category Version affected
EasyUse MailHunter Ultimate 2023 and earlier
Product Support Contact EasyUse Digital Technology for version updates.
Release date 2023/10/17
Credit Chia-Hao Chang (Jerry Chang) of ZUSO ART
<< Back index
top