NVD:CVE-2022-40777
Oct 11, 2022 - 11:15 p.m.

CVE-2022-40777

2022-10-11 23:15:10
CWE-434
web.nvd.nist.gov
interspire email marketer
arbitrary file upload
surveys_submit.php
incomplete fix
file access

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.006
Percentile: 78.1%

Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php “create survey and submit survey” operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. NOTE: this issue exists because of an incomplete fix for CVE-2018-19550.

Affected configurations

Nvd
Node: interspire email_marketer, Range 6.5.0

Vendor | Product | Version | CPE
interspire | email_marketer | * | cpe:2.3:a:interspire:email_marketer:*:*:*:*:*:*:*:*
