Server Side Request Forgery (SSRF) vulnerability in Interspire Email Marketer through 6.1.6 allows unauthorized access to remote and local resources

CVE-2018-19651 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL.
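Added example (not part of the CVE record or Interspire's code): a log check that flags requests to the endpoint named above whose url parameter uses a non-http(s) scheme or points at a loopback, private or link-local address. It assumes common-log-format access logs with the parameters in the query string; the log lines, function names and the file path in the sample are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Dec/2018:10:00:01 +0000] "GET /admin/functions/remote.php?what=importurl&url=https%3A%2F%2Fexample.com%2Flist.csv HTTP/1.1" 200 512
198.51.100.7 - - [01/Dec/2018:10:00:05 +0000] "GET /admin/functions/remote.php?what=importurl&url=file%3A%2F%2F%2Ftmp%2Fexample.txt HTTP/1.1" 200 64
198.51.100.7 - - [01/Dec/2018:10:00:09 +0000] "GET /admin/functions/remote.php?what=importurl&url=http%3A%2F%2F127.0.0.1%3A8080%2F HTTP/1.1" 200 300
203.0.113.9 - - [01/Dec/2018:10:01:00 +0000] "GET /admin/index.php?Page=Lists HTTP/1.1" 200 2048
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def classify(url):
    """Return a reason string if the import URL looks like SSRF, else None."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        return "non-http scheme: " + scheme
    host = (parts.hostname or "").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return "loopback host"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # a hostname: judging it needs DNS resolution, not done here
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return "internal address: " + str(ip)
    return None


def find_suspicious(log_text):
    """Return (client_ip, decoded_url, reason) for each flagged importurl request."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith("/admin/functions/remote.php"):
            continue
        query = parse_qs(target.query)  # parse_qs also percent-decodes values
        if query.get("what", [""])[0] != "importurl":
            continue
        for url in query.get("url", []):
            reason = classify(url)
            if reason:
                hits.append((line.split()[0], url, reason))
    return hits
```

Parameters sent in a request body do not appear in access logs, so the same classify() check would then have to run on application or WAF logs.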
