Published: 26/11/2018 Updated: 07/11/2023

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 655

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Interspire Email Marketer up to and including 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI.

Vulnerable Product	Search on Vulmon	Subscribe to Product
interspire email marketer
interspire email marketer 6.1.8

# Exploit Title: Interspire Email Marketer 620 - Remote Code Execution # Date: May 2019 # Exploit Author: Numan Türle # Vendor Homepage: wwwinterspirecom # Software Link: wwwinterspirecom/emailmarketer # Version: 620< # Tested on: windows # CVE : CVE-2018-19550 # mediumcom/@numanturle/interspire-email-marketer-6 ...

Interspire Email Marketer version 620 suffers from a remote code execution vulnerability in surveys_submitphp ...

CWE-434 http://packetstormsecurity.com/files/153018/Interspire-Email-Marketer-6.20-Remote-Code-Execution.html https://medium.com/%40buiquang266/some-vulnerabilities-in-interspire-email-marketer-caa7bc861d14 https://nvd.nist.gov https://www.exploit-db.com/exploits/46864

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-19550

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect