Server Side Request Forgery (SSRF) vulnerability in Interspire Email Marketer through 6.1.6 allows unauthorized access to remote and local resources
CVE-2018-19651 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:N/A:N
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL.
Learn more about our Cis Benchmark Audit For Server Software.