Описание
Unrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system commands with ‘NT Authority\SYSTEM‘ privilege via a crafted ZIP archive.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2023 (включая)
cpe:2.3:a:easyuse:mailhunter_ultimate:*:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.00293
Низкий
9.9 Critical
CVSS3
8.8 High
CVSS3
Дефекты
CWE-434
CWE-434
Связанные уязвимости
CVSS3: 9.9
github
больше 2 лет назад
Unrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system commands with ‘NT Authority\SYSTEM‘ privilege via a crafted ZIP archive.
EPSS
Процентиль: 52%
0.00293
Низкий
9.9 Critical
CVSS3
8.8 High
CVSS3
Дефекты
CWE-434
CWE-434