Filtered by vendor Interspire
Subscriptions
Total
25 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-19550 | 1 Interspire | 1 Email Marketer | 2024-08-05 | N/A |
Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI. | ||||
CVE-2018-19552 | 1 Interspire | 1 Email Marketer | 2024-08-05 | N/A |
Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php. | ||||
CVE-2018-19549 | 1 Interspire | 1 Email Marketer | 2024-08-05 | N/A |
Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php. | ||||
CVE-2022-44790 | 1 Interspire | 1 Email Marketer | 2024-08-03 | 7.5 High |
Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. An unauthenticated attacker could successfully perform an attack to extract potentially sensitive information from the database if the survey id exists. | ||||
CVE-2022-40777 | 1 Interspire | 1 Email Marketer | 2024-08-03 | 8.8 High |
Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. NOTE: this issue exists because of an incomplete fix for CVE-2018-19550. |