| ZUSOART ID |
ZA-2023-06 |
| CVE ID |
CVE-2023-34209 |
| Vulnerability Type |
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere |
| CVSS |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N (5.0) |
| Description |
Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function of EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter. |
| Vendor |
EasyUse Digital Technology |
| Product |
| Category |
Version affected |
| EasyUse MailHunter Ultimate |
2023 and earlier |
|
| Product Support |
Contact EasyUse Digital Technology for version updates. |
| Release date |
2023/10/17 |
| Credit |
Yi-Lin Ho (Leo Ho) of ZUSO ART |
