PT-2018-14995 · Interspire · Interspire Email Marketer

Published: 2018-11-26 · Updated: 2019-05-23 · CVE-2018-19550

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Interspire Email Marketer versions through 6.1.6

Description

The issue allows for arbitrary file upload through a "create survey and submit survey" operation in surveys submit.php. This can result in a .php file being accessible under an admin/temp/surveys/ URI.

Recommendations

For versions through 6.1.6, as a temporary workaround, consider restricting access to the surveys submit.php file until a patch is available. Avoid using the "create survey and submit survey" operation in surveys submit.php to minimize the risk of exploitation.
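To check an existing installation for the outcome described above, the following added example (not part of the original advisory or of Interspire's code) walks the admin/temp/surveys/ directory and reports files a PHP-enabled web server could execute or that override its configuration. The extension list, the override file names and the function names are assumptions, and the sample files are constructed.

```python
import os
import tempfile

# Assumption: extensions a PHP-enabled web server may pass to the interpreter.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
# Assumption: per-directory files that can change how uploads are handled.
OVERRIDE_NAMES = {".htaccess", ".user.ini"}
# Upload location named in the advisory, relative to the install root.
SURVEY_UPLOADS = os.path.join("admin", "temp", "surveys")


def find_executable_uploads(install_root, upload_subdir=SURVEY_UPLOADS):
    """Return sorted paths (relative to install_root) of risky uploaded files."""
    base = os.path.join(install_root, upload_subdir)
    hits = []
    for dirpath, _dirs, files in os.walk(base):  # a missing directory yields nothing
        for name in files:
            lowered = name.lower()
            # Check every extension, not only the last one: under some
            # multi-extension handler configurations "x.php.txt" still executes.
            exts = lowered.split(".")[1:]
            if lowered in OVERRIDE_NAMES or any(e in EXECUTABLE_EXTS for e in exts):
                full = os.path.join(dirpath, name)
                hits.append(os.path.relpath(full, install_root))
    return sorted(hits)


def demo():
    """Build a constructed install tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        # "12" is a constructed subdirectory name, not taken from the product.
        survey_dir = os.path.join(root, SURVEY_UPLOADS, "12")
        os.makedirs(survey_dir)
        samples = ("answer.pdf", "photo.JPG", "upload.php", "notes.PhP.txt", ".htaccess")
        for name in samples:
            open(os.path.join(survey_dir, name), "w").close()
        return find_executable_uploads(root)


if __name__ == "__main__":
    for path in demo():
        print(path)
```

Any hit in a production tree warrants review of the file's contents and of the web server logs for requests to that path.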

Exploit

Fix

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

CVE-2018-19550

Affected Products

Interspire Email Marketer