admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 02:55
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2018-11-28 22:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-19651
Mitre link : CVE-2018-19651
CVE.ORG link : CVE-2018-19651
JSON object : View
Products Affected
interspire
- email_marketer
CWE
CWE-918
Server-Side Request Forgery (SSRF)