Vulnerabilities > Interspire > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-09 | CVE-2022-44790 | SQL Injection vulnerability in Interspire Email Marketer Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. | 7.5 |
| 2022-10-11 | CVE-2022-40777 | Unrestricted Upload of File with Dangerous Type vulnerability in Interspire Email Marketer Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. | 8.8 |
| 2018-11-26 | CVE-2018-19553 | SQL Injection vulnerability in Interspire Email Marketer Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php | 8.8 |
| 2018-11-26 | CVE-2018-19552 | SQL Injection vulnerability in Interspire Email Marketer Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php. | 8.8 |
| 2018-11-26 | CVE-2018-19551 | SQL Injection vulnerability in Interspire Email Marketer Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php. | 8.8 |
| 2018-11-26 | CVE-2018-19550 | Unrestricted Upload of File with Dangerous Type vulnerability in Interspire Email Marketer Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI. | 8.8 |
| 2018-11-26 | CVE-2018-19549 | SQL Injection vulnerability in Interspire Email Marketer Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php. | 8.8 |
| 2010-07-22 | CVE-2009-4957 | Path Traversal vulnerability in Interspire Activekb Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter. | 7.5 |
| 2009-02-03 | CVE-2009-0412 | Improper Authentication vulnerability in Interspire Shopping Cart 4.0.1 The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt. | 7.5 |
| 2008-05-19 | CVE-2008-2338 | Permissions, Privileges, and Access Controls vulnerability in Interspire Activekb Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin. | 7.5 |