5 matches found
CVE-2018-19651
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery SSRF via a what=importurl= request with an http or https URL. This also allows reading local files with a file: URL...
CVE-2018-19651
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery SSRF via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL...
CVE-2018-19651
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery SSRF via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL...
CVE-2018-19651
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery SSRF via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL...
CVE-2018-19651
CVE-2018-19651 affects Interspire Email Marketer up to version 6.1.6. The issue is a Server-Side Request Forgery (SSRF) in admin/functions/remote.php triggered by a what=importurl&url= parameter, enabling requests to arbitrary http/https URLs and, per reports, local-file access via file: URLs. Re...