Lucene search
HistoryDec 09, 2022 - 9:15 p.m.
CVE-2022-44790
interspire email marketer
sql injection
surveys module
unauthenticated attack
sensitive information
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
47.5%
Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. An unauthenticated attacker could successfully perform an attack to extract potentially sensitive information from the database if the survey id exists.
Affected configurations
Node
interspireemail_marketerRange≤6.5.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| interspire | email_marketer | * | cpe:2.3:a:interspire:email_marketer:*:*:*:*:*:*:*:* |
Related
prion
prion
Sql injection
2022-12-09 21:15:00
cvelist
cvelist
CVE-2022-44790
2022-12-09 00:00:00
cve
cve
CVE-2022-44790
2022-12-09 21:15:11
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
47.5%
Related for NVD:CVE-2022-44790