PT-2022-27313 · Interspire · Interspire Email Marketer
Tungbx · Published 2022-12-09 · Updated 2022-12-14
CVE-2022-44790
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Interspire Email Marketer versions 6.5.1 and earlier
Description
The issue allows SQL injection via the surveys module. If the survey id exists, an unauthenticated attacker could extract potentially sensitive information from the database.
Recommendations
For Interspire Email Marketer versions 6.5.1 and earlier, consider disabling the surveys module to prevent SQL injection attacks until a patch is available. Restrict access to the surveys module to minimize the risk of exploitation. Avoid using the surveys module if the survey id exists, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SQL injection
Affected Products
Interspire Email Marketer