CVE-2023-34209— Exposure of Sensitive System Information to an Unauthorized Control Sphere in EasyUse MailHunter Ultimate

CVSS 5.0 · Medium EPSS 0.08% · P23 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-34209

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Exposure of Sensitive System Information to an Unauthorized Control Sphere in EasyUse MailHunter Ultimate

Source: NVD (National Vulnerability Database)

Vulnerability Description

Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

将系统数据暴露到未授权控制的范围

Source: NVD (National Vulnerability Database)

Vulnerability Title

EasyUse MailHunter Ultimate 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

EasyUse MailHunter Ultimate是中国EasyUse公司的一个准确的电子邮件查找工具。 EasyUse MailHunter Ultimate 2023及之前版本存在安全漏洞，该漏洞源于敏感系统信息暴露给未经授权的Control Sphere，允许经过身份验证的远程用户通过未加密的VIEWSTATE参数获取绝对路径。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
EasyUse Digital Technology	MailHunter Ultimate	0 ~ 2023	-

II. Public POCs for CVE-2023-34209

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-34209

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2023-34209

Same Patch Batch · EasyUse Digital Technology · 2023-10-17 · 4 CVEs total

CVE-2023-34207	9.9 CRITICAL	Unrestricted Upload of File with Dangerous Type in EasyUse MailHunter Ultimate
CVE-2023-34210	7.7 HIGH	SQL Injection in EasyUse MailHunter Ultimate
CVE-2023-34208	6.5 MEDIUM	Path Traversal in EasyUse MailHunter Ultimate

IV. Related Vulnerabilities

Same product: MailHunter Ultimate

Same vendor: EasyUse Digital Technology

Same weakness: CWE-497

V. Comments for CVE-2023-34209

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-34209— Exposure of Sensitive System Information to an Unauthorized Control Sphere in EasyUse MailHunter Ultimate

I. Basic Information for CVE-2023-34209

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-34209

III. Intelligence Information for CVE-2023-34209

Same Patch Batch · EasyUse Digital Technology · 2023-10-17 · 4 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-34209

Leave a comment