CVE-2023-34209

Name of the Vulnerable Software and Affected Versions EasyUse MailHunter Ultimate versions 2023 and earlier

Description The issue allows remote authenticated users to obtain sensitive system information, specifically the absolute path, via an unencrypted VIEWSTATE parameter in the create template function. This exposure of sensitive system information to an unauthorized control sphere can be exploited by remote authenticated users.

Recommendations For EasyUse MailHunter Ultimate versions 2023 and earlier, consider encrypting the VIEWSTATE parameter to prevent unauthorized access to sensitive system information. As a temporary workaround, restrict access to the create template function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.