Vulnerability Details CVE-2018-19651
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.3%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2018-19651
-
cpe:2.3:a:interspire:email_marketer:5.0.10
-
cpe:2.3:a:interspire:email_marketer:5.0.11
-
cpe:2.3:a:interspire:email_marketer:5.0.13
-
cpe:2.3:a:interspire:email_marketer:5.0.14
-
cpe:2.3:a:interspire:email_marketer:5.0.9
-
cpe:2.3:a:interspire:email_marketer:5.5.10
-
cpe:2.3:a:interspire:email_marketer:5.5.11
-
cpe:2.3:a:interspire:email_marketer:5.5.2
-
cpe:2.3:a:interspire:email_marketer:5.5.3
-
cpe:2.3:a:interspire:email_marketer:5.5.4
-
cpe:2.3:a:interspire:email_marketer:5.5.5
-
cpe:2.3:a:interspire:email_marketer:5.5.6
-
cpe:2.3:a:interspire:email_marketer:5.5.7
-
cpe:2.3:a:interspire:email_marketer:5.5.8
-
cpe:2.3:a:interspire:email_marketer:5.5.9
-
cpe:2.3:a:interspire:email_marketer:5.6.0
-
cpe:2.3:a:interspire:email_marketer:5.6.1
-
cpe:2.3:a:interspire:email_marketer:5.6.2
-
cpe:2.3:a:interspire:email_marketer:5.6.3
-
cpe:2.3:a:interspire:email_marketer:5.6.4
-
cpe:2.3:a:interspire:email_marketer:5.6.5
-
cpe:2.3:a:interspire:email_marketer:5.6.6
-
cpe:2.3:a:interspire:email_marketer:5.6.7
-
cpe:2.3:a:interspire:email_marketer:5.7.0
-
cpe:2.3:a:interspire:email_marketer:5.7.1
-
cpe:2.3:a:interspire:email_marketer:6.0.0
-
cpe:2.3:a:interspire:email_marketer:6.0.1
-
cpe:2.3:a:interspire:email_marketer:6.1.0
-
cpe:2.3:a:interspire:email_marketer:6.1.1
-
cpe:2.3:a:interspire:email_marketer:6.1.2
-
cpe:2.3:a:interspire:email_marketer:6.1.3
-
cpe:2.3:a:interspire:email_marketer:6.1.4
-
cpe:2.3:a:interspire:email_marketer:6.1.5
-
cpe:2.3:a:interspire:email_marketer:6.1.6
-
cpe:2.3:a:interspire:email_marketer:6.1.8