PT-2018-14995 · Interspire · Interspire Email Marketer

Publicado

2018-11-26

Atualizado

2019-05-23

CVE-2018-19550

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Interspire Email Marketer versions through 6.1.6

Description The issue allows for arbitrary file upload through a "create survey and submit survey" operation in surveys submit.php. This can result in a .php file being accessible under an admin/temp/surveys/ URI.

Recommendations For versions through 6.1.6, as a temporary workaround, consider restricting access to the surveys submit.php file until a patch is available. Avoid using the "create survey and submit survey" operation in surveys submit.php to minimize the risk of exploitation.

Exploit

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2018-19550

Produtos afetados

Interspire Email Marketer

PT-2018-14995 · Interspire · Interspire Email Marketer

CVE-2018-19550

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5