Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
EasyUse MailHunter Ultimate - Deserialization of Untrusted Data
Vulnerability Description
EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate system command or interrupt service.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
可信数据的反序列化
Vulnerability Title
EasyUse MailHunter Ultimate 代码问题漏洞
Vulnerability Description
EasyUse MailHunter Ultimate是中国EasyUse公司的一个准确的电子邮件查找工具。 EasyUse MailHunter Ultimate 2020及以前版本存在安全漏洞,该漏洞源于其对cookie的反序列化功能未进行合理检查导致未经权限的远程攻击者通过包含恶意有效载荷的cookie执行任意代码、执行系统命令或中断服务。
CVSS Information
N/A
Vulnerability Type
N/A