CVE-2022-44790

HIGH

Interspire Email Marketer <= 6.5.1 - Unauthenticated SQL Injection via Surveys Module

Title source: llm
STIX 2.1

Description

Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. An unauthenticated attacker could successfully perform an attack to extract potentially sensitive information from the database if the survey id exists.

References (1)

Core 1

Scores

CVSS v3 7.5
EPSS 0.0060
EPSS Percentile 44.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
interspire/email_marketer < 6.5.1
Published Dec 09, 2022
Tracked Since Feb 18, 2026