Vulnerabilities > Interspire

DATE CVE VULNERABILITY TITLE RISK
2018-11-28 CVE-2018-19651 Server-Side Request Forgery (SSRF) vulnerability in Interspire Email Marketer
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL.
network
low complexity
interspire CWE-918
4.0
2018-11-26 CVE-2018-19553 SQL Injection vulnerability in Interspire Email Marketer
Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php
network
low complexity
interspire CWE-89
6.5
2018-11-26 CVE-2018-19552 SQL Injection vulnerability in Interspire Email Marketer
Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php.
network
low complexity
interspire CWE-89
6.5
2018-11-26 CVE-2018-19551 SQL Injection vulnerability in Interspire Email Marketer
Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php.
network
low complexity
interspire CWE-89
6.5
2018-11-26 CVE-2018-19550 Unrestricted Upload of File With Dangerous Type vulnerability in Interspire Email Marketer
Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI.
network
low complexity
interspire CWE-434
6.5
2018-11-26 CVE-2018-19549 SQL Injection vulnerability in Interspire Email Marketer
Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php.
network
low complexity
interspire CWE-89
6.5
2017-10-18 CVE-2017-14322 Improper Authentication vulnerability in Interspire Email Marketer
The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value.
network
low complexity
interspire CWE-287
critical
10.0
2010-07-22 CVE-2009-4957 Path Traversal vulnerability in Interspire Activekb
Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter.
network
low complexity
interspire CWE-22
7.5
2009-12-03 CVE-2009-4192 Path Traversal vulnerability in Interspire Knowledge Manager 5
Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a ..
network
low complexity
interspire CWE-22
5.0
2009-02-03 CVE-2009-0412 Improper Authentication vulnerability in Interspire Shopping Cart 4.0.1
The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.
network
low complexity
interspire CWE-287
7.5