Skip to main content

Email Marketer

9 CVEs product

Monthly

CVE-2022-44790 HIGH This Week

Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Email Marketer
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-40777 HIGH POC This Week

Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Email Marketer
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2018-19651 MEDIUM This Month

admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Email Marketer
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-19553 HIGH This Week

Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Email Marketer
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-19552 HIGH This Week

Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Email Marketer
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-19551 HIGH This Week

Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Email Marketer
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-19550 HIGH POC This Week

Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Email Marketer
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
6.0%
CVE-2018-19549 HIGH This Week

Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Email Marketer
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-14322 CRITICAL POC THREAT Emergency

The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.1%.

Authentication Bypass PHP Email Marketer
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
26.1%
Threat
4.2
EPSS 1% CVSS 7.5
HIGH This Week

Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Email Marketer
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Email Marketer
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Email Marketer
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Email Marketer
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Email Marketer
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Email Marketer
NVD
EPSS 6% CVSS 8.8
HIGH POC This Week

Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Email Marketer
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH This Week

Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Email Marketer
NVD
EPSS 26% 4.2 CVSS 9.8
CRITICAL POC THREAT Emergency

The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.1%.

Authentication Bypass PHP Email Marketer
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy