Authentication Bypass Vulnerability in Interspire Email Marketer (IEM) prior to 6.1.6

Authentication Bypass Vulnerability in Interspire Email Marketer (IEM) prior to 6.1.6

CVE-2017-14322 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value.

Learn more about our User Device Pen Test.