Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
interspire email marketer vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-44790
Interspire Email Marketer up to and including 6.5.1 allows SQL Injection via the surveys module. An unauthenticated attacker could successfully perform an attack to extract potentially sensitive information from the database if the survey id exists.
Interspire Email Marketer
8.8
CVSSv3
CVE-2022-40777
Interspire Email Marketer up to and including 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. NOTE: this issue exists because of an in...
Interspire Email Marketer
7.5
CVSSv3
CVE-2018-21235
An issue exists in Foxit E-mail advertising system before September 2018. It allows authentication bypass and information disclosure, related to Interspire Email Marketer.
Foxitsoftware E-mail Advertising System
6.5
CVSSv3
CVE-2018-19651
admin/functions/remote.php in Interspire Email Marketer up to and including 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL.
Interspire Email Marketer
Interspire Email Marketer 6.1.8
8.8
CVSSv3
CVE-2018-19550
Interspire Email Marketer up to and including 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI.
Interspire Email Marketer
Interspire Email Marketer 6.1.8
1 EDB exploit
8.8
CVSSv3
CVE-2018-19551
Interspire Email Marketer up to and including 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php.
Interspire Email Marketer
Interspire Email Marketer 6.1.8
8.8
CVSSv3
CVE-2018-19552
Interspire Email Marketer up to and including 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php.
Interspire Email Marketer
Interspire Email Marketer 6.1.8
8.8
CVSSv3
CVE-2018-19549
Interspire Email Marketer up to and including 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php.
Interspire Email Marketer
8.8
CVSSv3
CVE-2018-19553
Interspire Email Marketer up to and including 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php
Interspire Email Marketer
Interspire Email Marketer 6.1.8
9.8
CVSSv3
CVE-2017-14322
The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) before 6.1.6 allows remote malicious users to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted valu...
Interspire Email Marketer
1 EDB exploit
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started