Lucene search

K
InterspireEmail Marketer

9 matches found

cve
cve
added 2018/11/26 7:29 a.m.57 views

CVE-2018-19550

Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI.

8.8CVSS8.5AI score0.01976EPSS
cve
cve
added 2017/10/18 6:29 p.m.56 views

CVE-2017-14322

The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value.

10CVSS9.4AI score0.23263EPSS
cve
cve
added 2022/12/09 9:15 p.m.51 views

CVE-2022-44790

Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. An unauthenticated attacker could successfully perform an attack to extract potentially sensitive information from the database if the survey id exists.

7.5CVSS7.8AI score0.00336EPSS
cve
cve
added 2022/10/11 11:15 p.m.47 views

CVE-2022-40777

Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. NOTE: this issue exists because of an incomplete fix for CVE-2018-19550.

8.8CVSS8.7AI score0.01976EPSS
cve
cve
added 2018/11/28 10:29 p.m.32 views

CVE-2018-19651

admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL.

6.5CVSS6.4AI score0.00207EPSS
cve
cve
added 2018/11/26 7:29 a.m.31 views

CVE-2018-19552

Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php.

8.8CVSS9AI score0.00244EPSS
cve
cve
added 2018/11/26 7:29 a.m.29 views

CVE-2018-19549

Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php.

8.8CVSS8.9AI score0.00244EPSS
cve
cve
added 2018/11/26 7:29 a.m.29 views

CVE-2018-19551

Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php.

8.8CVSS9AI score0.00244EPSS
cve
cve
added 2018/11/26 7:29 a.m.28 views

CVE-2018-19553

Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php

8.8CVSS9.1AI score0.00244EPSS