CVE-2022-35223

Published: Aug 2, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: twcert@cert.org.tw (Secondary)

Description

EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate system command or interrupt service.

Affected (1)

Products: Easyuse: Mailhunter Ultimate

1 product

Mailhunter Ultimate

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Easyuse Mailhunter Ultimate	Up to 2020

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (4)

https://www.chtsecurity.com/news/a381467e-74ff-4a8c-a4d3-fc86720f5400

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-6365-b056c-1.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.chtsecurity.com/news/a381467e-74ff-4a8c-a4d3-fc86720f5400

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-6365-b056c-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.