CVE-2023-34208: ZUSO Generation 如梭世代

ZUSOART ID

ZA-2023-05

CVE ID

CVE-2023-34208

Vulnerability Type

CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CVSS

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N (6.5)

Description

Path Traversal in create template function of EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive.

Vendor

EasyUse Digital Technology

Product

Category

Version affected

EasyUse MailHunter Ultimate

2023 and earlier

Product Support

Contact EasyUse Digital Technology for version updates.

Release date

2023/10/17

Credit

Chia-Hao Chang (Jerry Chang) of ZUSO ART