
Yi-Lin Ho

Researcher at ZUSO ART
#49210 of 53,635
5 CVSS total
Vulnerabilities · 1
PT-2023-24739
5.0
2023-10-16
Easyuse · Easyuse Mailhunter Ultimate · CVE-2023-34209
**Name of the Vulnerable Software and Affected Versions**

EasyUse MailHunter Ultimate versions 2023 and earlier

**Description**

The issue allows remote authenticated users to obtain sensitive system information, specifically the absolute path, via an unencrypted `VIEWSTATE` parameter in the create template function. This exposure of sensitive system information to an unauthorized control sphere can be exploited by remote authenticated users.

**Recommendations**

For EasyUse MailHunter Ultimate versions 2023 and earlier, consider encrypting the `VIEWSTATE` parameter to prevent unauthorized access to sensitive system information. As a temporary workaround, restrict access to the create template function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.