Interspire Email Marketer — known CVE vulnerabilities
Every CVE whose affected-product data names Interspire Email Marketer, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2017-14322 — CVSS 9.8 (critical): The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows…
CVE-2018-19549 — CVSS 8.8 (high): Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php.
CVE-2018-19550 — CVSS 8.8 (high): Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation…
CVE-2018-19551 — CVSS 8.8 (high): Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php.
CVE-2018-19553 — CVSS 8.8 (high): Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php
CVE-2018-19552 — CVSS 8.8 (high): Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php.
CVE-2022-40777 — CVSS 8.8 (high): Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation…
CVE-2022-44790 — CVSS 7.5 (high): Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. An unauthenticated attacker could successfully perform…
CVE-2018-19651 — CVSS 6.5 (medium): admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url=…