CVE-2018-19550
Description
Interspire Email Marketer through 6.1.6 allows unauthenticated arbitrary file upload via surveys_submit.php, leading to remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Interspire Email Marketer versions through 6.1.6 contain an arbitrary file upload vulnerability in surveys_submit.php. The create-survey/submit-survey operation does not validate the type of uploaded files, so an attacker can upload a .php file. The file is written under admin/temp/surveys/, a directory the web server serves directly, and the upload requires no authentication [1].
Exploitation
An attacker can send a crafted HTTP POST request to surveys_submit.php with a malicious PHP file (e.g., a web shell) as part of the survey submission. The file is saved to the admin/temp/surveys/ path with a predictable or user-controlled filename. The attacker then accesses the uploaded file directly via its URL, causing the PHP code to execute on the server [1].
Impact
Successful exploitation allows remote code execution in the context of the web server user. The attacker can execute arbitrary PHP commands, read or modify files, access the database, and potentially escalate privileges to fully compromise the Interspire Email Marketer installation and the underlying server.
Mitigation
At publication (2018-11-26) no official patch was known, and none is linked in this entry. Upgrade to a release later than 6.1.6 if the vendor has shipped one (check the official changelog). Until then, restrict access to surveys_submit.php (require authentication or block it at the web server), configure the web server so that nothing under admin/temp/surveys/ is executed as a script, and consider a web application firewall rule that rejects multipart uploads carrying script extensions. Verify the mitigation by confirming that a request for a .php file under admin/temp/surveys/ is refused rather than executed.
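The web-server side of that mitigation, as an added example that is not vendor guidance or Interspire code. It assumes an Apache 2.4 installation at /var/www/iem with the upload directory admin/temp/surveys/ named in the advisory; the trusted address range is a placeholder.

```apache
# Added example (not from the vendor). Assumes IEM lives at /var/www/iem and
# that survey uploads land under admin/temp/surveys/ as the advisory states.

# 1. Treat the upload directory as data, never as code.
#    The Remove* lines strip the PHP handler for mod_php; the LocationMatch
#    deny below also covers php-fpm routed via SetHandler or ProxyPassMatch.
<Directory "/var/www/iem/admin/temp/surveys">
    Options -ExecCGI -Indexes
    RemoveHandler .php .phtml .phar
    RemoveType    .php .phtml .phar
</Directory>
<LocationMatch "^/admin/temp/surveys/.*\.(?:php[0-9]?|phtml|phar)$">
    Require all denied
</LocationMatch>

# 2. Gate the vulnerable endpoint until a fixed release is installed.
#    Public survey submission stops working for clients outside the listed
#    range (203.0.113.0/24 is a placeholder); use "Require all denied" if
#    the survey feature is not needed at all.
<LocationMatch "/surveys_submit\.php$">
    Require ip 203.0.113.0/24
</LocationMatch>
```

After reloading Apache, check both rules: a GET for /admin/temp/surveys/anything.php must return 403, and a POST to surveys_submit.php from outside the allowed range must also return 403. Rule 1 only blocks execution of files that are already stored; it does not stop the upload itself, so keep rule 2 or an upgrade in place.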
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Interspire Email Marketer, range: <=6.1.6
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"The application allows arbitrary file uploads without proper validation of file types, leading to remote code execution."
Attack vector
An attacker exploits this by uploading a .php file through surveys_submit.php, which processes file uploads attached to survey widgets. Because the extension is not checked, the file is written into the web-accessible admin/temp/surveys/ directory, and requesting its URL causes the server to execute the attacker's PHP code.
Affected code
The vulnerability exists in surveys_submit.php. The script iterates over the uploaded files associated with survey widgets and saves each one to a temporary directory without checking its type, so executable files such as .php are accepted alongside legitimate attachments.
What the fix does
The advisory names no patch and gives no remediation guidance, so the exact fix is unknown. A correct fix would allow-list permitted extensions and verify that the file content matches them, assign a server-generated filename instead of reusing the client's, and store uploads outside the document root (or in a directory the web server will not execute scripts from).
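The vulnerable and hardened upload handlers side by side, as an added illustration that is not Interspire Email Marketer's code. The vulnerable function reconstructs only the pattern the advisory describes (per-widget uploads saved under a web-reachable temp directory with no type check); the storage path, size limit, allowed types and the $_FILES field layout are assumptions.

```php
<?php
// Added illustrative example; NOT code from Interspire Email Marketer.
// The vulnerable function mirrors the advisory's description; everything
// else (paths, limits, allow-list, field layout) is assumed.

declare(strict_types=1);

// Assumed: the temp directory sits inside the document root, as the advisory states.
const SURVEY_TEMP_DIR = __DIR__ . '/admin/temp/surveys';

// Vulnerable pattern (do not use): keeps the client-supplied name and
// extension, so "shell.php" lands in a directory the web server executes from.
function saveSurveyUploadVulnerable(array $file): string
{
    $dest = SURVEY_TEMP_DIR . '/' . basename($file['name']);
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('upload failed');
    }
    return $dest; // reachable as /admin/temp/surveys/shell.php
}

// Hardened pattern: allow-list the extension, check the bytes match it,
// assign a random server-side name, and store outside the document root.
const UPLOAD_STORE     = '/var/lib/iem/survey-uploads'; // assumed; not web-served
const MAX_UPLOAD_BYTES = 5 * 1024 * 1024;               // assumed limit
const ALLOWED_TYPES    = [
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
    'pdf' => 'application/pdf',
];

function validateSurveyUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new InvalidArgumentException('upload error ' . ($file['error'] ?? 'unknown'));
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new InvalidArgumentException('not an uploaded file');
    }
    if ($file['size'] > MAX_UPLOAD_BYTES) {
        throw new InvalidArgumentException('file too large');
    }
    // Only the final extension matters and it must be on the allow-list;
    // "shell.php.jpg" is accepted only as a .jpg and is renamed below anyway.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new InvalidArgumentException("extension .$ext not allowed");
    }
    // Sniff the real content; never trust $file['type'], which the client sets.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new InvalidArgumentException("content type $mime does not match .$ext");
    }
    return $ext;
}

function saveSurveyUploadHardened(array $file): string
{
    $ext  = validateSurveyUpload($file);
    $name = bin2hex(random_bytes(16)) . '.' . $ext; // unguessable, no user input
    $dest = UPLOAD_STORE . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('upload failed');
    }
    chmod($dest, 0640); // never executable
    return $name; // persist this name; serve it via a download handler, not a direct URL
}

// Loop shape the advisory describes: one upload per survey widget.
// Assumed field layout: $_FILES[<widget id>] holds a single file entry.
function handleSurveySubmission(array $files): array
{
    $stored = [];
    foreach ($files as $widgetId => $file) {
        $stored[$widgetId] = saveSurveyUploadHardened($file);
    }
    return $stored;
}

if (PHP_SAPI !== 'cli' && !empty($_FILES)) {
    header('Content-Type: application/json');
    try {
        echo json_encode(handleSurveySubmission($_FILES));
    } catch (Throwable $e) {
        http_response_code(400);
        echo json_encode(['error' => $e->getMessage()]);
    }
}
```

Stored files should be returned through a download handler that sets Content-Type from the allow-list and Content-Disposition: attachment, so a crafted "image" is never rendered or executed in the application's origin. If uploads cannot be moved outside the document root, the server-side rename and a web-server rule denying script execution in the upload directory are the minimum.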
Preconditions
- Input: the attacker must be able to reach surveys_submit.php over HTTP and submit a multipart upload whose filename carries a .php extension; no authentication is required.
Reproduction
The reference write-up [1] provides an exploit title and author but does not contain specific reproduction steps.
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
News mentions
No linked articles in our index yet.