GCVE - cpe:2.3:a:interspire:email_marketer:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:interspire:email_marketer:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Interspire (`44a739fb-68fd-5eae-9c0b-3954a3d6bea9`)
Product	Email Marketer (`9876f188-8921-508d-8420-4d33e5e91c23`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-44790`	vulnerable	2026-06-08 05:49:36.403018	Details available Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. An unauthenticated attacker could successfully perform an attack to extract potentially sensitive information from the database if the survey id exists. Published: 2022-12-09T00:00:00.000Z Updated: 2025-04-23T14:15:14.721Z Open on db.gcve.eu Reference links https://www.interspire.com/security-bulletin-2022-44790/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-40777`	vulnerable	2026-06-08 05:48:28.185411	Details available Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. NOTE: this issue exists because of an incomplete fix for CVE-2018-19550. Published: 2022-10-11T00:00:00.000Z Updated: 2024-08-03T12:28:42.661Z Open on db.gcve.eu Reference links https://twitter.com/huyvinhptit https://www.interspire.com/security-bulletin-20220918/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-19651`	vulnerable	2026-06-08 05:11:15.987155	Details available admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL. Published: 2018-11-28T22:00:00.000Z Updated: 2024-09-17T01:15:35.553Z Open on db.gcve.eu Reference links https://medium.com/%40namhb/ssrf-to-lfi-in-interspire-email-marketer-698a748462a9	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-19553`	vulnerable	2026-06-08 05:11:15.874771	Details available Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php Published: 2018-11-26T07:00:00.000Z Updated: 2024-08-05T11:37:11.600Z Open on db.gcve.eu Reference links https://medium.com/%40buiquang266/some-vulnerabilities-in-interspire-email-marketer-caa7bc861d14	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-19552`	vulnerable	2026-06-08 05:11:15.874350	Details available Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php. Published: 2018-11-26T07:00:00.000Z Updated: 2024-08-05T11:37:11.504Z Open on db.gcve.eu Reference links https://medium.com/%40buiquang266/some-vulnerabilities-in-interspire-email-marketer-caa7bc861d14	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-19551`	vulnerable	2026-06-08 05:11:15.874030	Details available Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php. Published: 2018-11-26T07:00:00.000Z Updated: 2024-08-05T11:37:11.526Z Open on db.gcve.eu Reference links https://medium.com/%40buiquang266/some-vulnerabilities-in-interspire-email-marketer-caa7bc861d14	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-19550`	vulnerable	2026-06-08 05:11:15.869002	Details available Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI. Published: 2018-11-26T07:00:00.000Z Updated: 2024-08-05T11:37:11.519Z Open on db.gcve.eu Reference links https://medium.com/%40buiquang266/some-vulnerabilities-in-interspire-email-marketer-caa7bc861d14 http://packetstormsecurity.com/files/153018/Interspire-Email-Marketer-6.20-Remote-Code-Execution.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-19549`	vulnerable	2026-06-08 05:11:15.868601	Details available Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php. Published: 2018-11-26T07:00:00.000Z Updated: 2024-08-05T11:37:11.486Z Open on db.gcve.eu Reference links https://medium.com/%40buiquang266/some-vulnerabilities-in-interspire-email-marketer-caa7bc861d14	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14322`	vulnerable	2026-06-08 05:08:49.620050	Details available The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value. Published: 2017-10-18T18:00:00.000Z Updated: 2024-08-05T19:20:41.462Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/44513/ http://seclists.org/fulldisclosure/2017/Oct/39 https://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-from-compromise-to-the-publication-of-the-weakness.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.