Email Marketer@6.1.8 Security Vulnerabilities and Issues — Email Marketer@6.1.8 CVE List

Lucene search

InterspireEmail Marketer6.1.8

5 matches found

CVE•added 2018/11/26 7:29 a.m.•57 views

CVE-2018-19550

Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI.

8.8CVSS8.5AI score0.01976EPSS

CVE•added 2018/11/28 10:29 p.m.•32 views

CVE-2018-19651

admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL.

6.5CVSS6.4AI score0.00207EPSS

CVE•added 2018/11/26 7:29 a.m.•31 views

CVE-2018-19552

Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php.

8.8CVSS9AI score0.00244EPSS

CVE•added 2018/11/26 7:29 a.m.•29 views

CVE-2018-19551

Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php.

8.8CVSS9AI score0.00244EPSS

CVE•added 2018/11/26 7:29 a.m.•28 views

CVE-2018-19553

Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php

8.8CVSS9.1AI score0.00244EPSS