Vulnerabilities > Interspire
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-28 | CVE-2018-19651 | Server-Side Request Forgery (SSRF) vulnerability in Interspire Email Marketer admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. | 4.0 |
| 2018-11-26 | CVE-2018-19553 | SQL Injection vulnerability in Interspire Email Marketer Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php | 6.5 |
| 2018-11-26 | CVE-2018-19552 | SQL Injection vulnerability in Interspire Email Marketer Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php. | 6.5 |
| 2018-11-26 | CVE-2018-19551 | SQL Injection vulnerability in Interspire Email Marketer Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php. | 6.5 |
| 2018-11-26 | CVE-2018-19550 | Unrestricted Upload of File with Dangerous Type vulnerability in Interspire Email Marketer Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI. | 6.5 |
| 2018-11-26 | CVE-2018-19549 | SQL Injection vulnerability in Interspire Email Marketer Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php. | 6.5 |
| 2017-10-18 | CVE-2017-14322 | Improper Authentication vulnerability in Interspire Email Marketer The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value. | 10.0 |
| 2010-07-22 | CVE-2009-4957 | Path Traversal vulnerability in Interspire Activekb Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter. | 7.5 |
| 2009-12-03 | CVE-2009-4192 | Path Traversal vulnerability in Interspire Knowledge Manager 5 Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2009-02-03 | CVE-2009-0412 | Improper Authentication vulnerability in Interspire Shopping Cart 4.0.1 The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt. | 7.5 |