Vulnerabilities > Interspire > Email Marketer > 6.1.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-09 | CVE-2022-44790 | SQL Injection vulnerability in Interspire Email Marketer Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. | 7.5 |
| 2022-10-11 | CVE-2022-40777 | Unrestricted Upload of File with Dangerous Type vulnerability in Interspire Email Marketer Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. | 8.8 |
| 2018-11-28 | CVE-2018-19651 | Server-Side Request Forgery (SSRF) vulnerability in Interspire Email Marketer admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. | 6.5 |
| 2018-11-26 | CVE-2018-19553 | SQL Injection vulnerability in Interspire Email Marketer Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php | 8.8 |
| 2018-11-26 | CVE-2018-19552 | SQL Injection vulnerability in Interspire Email Marketer Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php. | 8.8 |
| 2018-11-26 | CVE-2018-19551 | SQL Injection vulnerability in Interspire Email Marketer Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php. | 8.8 |
| 2018-11-26 | CVE-2018-19550 | Unrestricted Upload of File with Dangerous Type vulnerability in Interspire Email Marketer Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI. | 8.8 |