CVE-2018-19550

HIGH

Interspire Email Marketer <6.1.6 - File Upload

Title source: llm

Description

Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI.

Exploits (1)

exploitdb WORKING POC

by numan türle · textwebappsphp

https://www.exploit-db.com/exploits/46864

View Code ZIP pw:eip

References (2)

Core 2

Core References

Various Sources x_refsource_misc

https://medium.com/%40buiquang266/some-vulnerabilities-in-interspire-email-marketer-caa7bc861d14

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/153018/Interspire-Email-Marketer-6.20-Remote-Code-Execution.html

Scores

CVSS v3 8.8

EPSS 0.0352

EPSS Percentile 87.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (2)

interspire/email_marketer 6.1.8

interspire/email_marketer < 6.1.6

Published Nov 26, 2018

Tracked Since Feb 18, 2026