Описание
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL.
Уязвимые конфигурации
Конфигурация 1Версия до 6.1.6 (включая)
Одно из
cpe:2.3:a:interspire:email_marketer:*:*:*:*:*:*:*:*
cpe:2.3:a:interspire:email_marketer:6.1.8:*:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.00207
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL.
EPSS
Процентиль: 43%
0.00207
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-918