Description
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL.
References (1)
Core 1
Core References
Various Sources x_refsource_misc
https://medium.com/%40namhb/ssrf-to-lfi-in-interspire-email-marketer-698a748462a9
Scores
CVSS v3
6.5
EPSS
0.0085
EPSS Percentile
53.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-918
Status
published
Products (2)
interspire/email_marketer
6.1.8
interspire/email_marketer
< 6.1.6
Published
Nov 28, 2018
Tracked Since
Feb 18, 2026