Design/Logic Flaw

Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveyssubmit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. NOTE: this issue exists because of an incomplete fix for CVE-2018-19550...

BigCommerec Interspire Email Marketer 代码问题漏洞

Bigcommerec BigCommerec Interspire Email Marketer IEM is a suite of email marketing software from the US-based company Bigcommerec. A security vulnerability exists in Interspire Email Marketer version 6.5.0 that originates from allowing arbitrary files to be uploaded via the surveyssubmit.php...

Interspire Email Marketer 6.20 - 'surveys_submit.php' Remote Code Execution

Exploit Title: Interspire Email Marketer 6.20 - Remote Code Execution Date: May 2019 Exploit Author: Numan Türle Vendor Homepage: https://www.interspire.com Software Link: https://www.interspire.com/emailmarketer Version: 6.20 $widget foreach $widget as $widgetKey = $fields foreach $fields as...

CVE-2018-19550

Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveyssubmit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI...