CVE-2022-44790
Description
Interspire Email Marketer 6.0.0 through 6.5.1 has an unauthenticated SQL injection in the Surveys module, enabling sensitive data extraction.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Interspire Email Marketer versions 6.0.0 through 6.5.1 contain a SQL injection vulnerability in the Surveys module. The flaw resides in the surveys.php file and is reachable when a valid survey ID exists. An unauthenticated attacker can inject arbitrary SQL queries via crafted input to the surveys endpoint [1].
Exploitation
An attacker needs only network access to the vulnerable Email Marketer instance and knowledge of an existing survey ID. No authentication is required. The attacker sends a specially crafted HTTP request to the surveys module, injecting SQL commands into parameters that are not properly sanitized. The database returns results that are reflected in the response, allowing the attacker to extract data [1].
Impact
Successful exploitation allows an unauthenticated attacker to extract potentially sensitive information from the database, such as user credentials, email addresses, and other confidential data. The attacker gains read access to the database contents, compromising confidentiality [1].
Mitigation
Interspire recommends immediate action: disable the Surveys addon from the addon management screen, back up and delete the surveys.php file, or replace it with an updated version. The vendor has released version 6.5.2, which contains the fix. Users with an active download link should update to the latest version [1].
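For triage alongside the steps above, the following added example (not code from Interspire or from this page) scans a web server access log for requests to surveys.php whose query string carries SQL syntax. The combined log format, the parameter name `id`, the sample lines and the hint patterns are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, unquote_plus

# Constructed sample lines in Apache/nginx "combined" format. The hosts, the
# parameter name "id" and all values are made up; the page names no parameter.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Nov/2022:10:01:02 +0000] "GET /surveys.php?id=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Nov/2022:10:04:40 +0000] "GET /surveys.php?id=3%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9001 "-" "curl/7.85"
203.0.113.9 - - [12/Nov/2022:10:04:41 +0000] "GET /surveys.php?id=3%20UNION%20SELECT%20NULL HTTP/1.1" 200 9100 "-" "curl/7.85"
198.51.100.7 - - [12/Nov/2022:10:05:00 +0000] "GET /index.php?q=select+a+plan HTTP/1.1" 200 800 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Coarse indicators of SQL syntax in user input (assumed patterns, tune locally).
SQL_HINTS = {
    "quote": re.compile(r"'"),
    "comment": re.compile(r"--|/\*"),
    "union-select": re.compile(r"\bunion\b.{0,20}\bselect\b", re.I | re.S),
    "boolean-test": re.compile(r"\b(or|and)\b\s+\S+\s*=", re.I),
}

def suspicious_survey_requests(log_text, script="surveys.php"):
    """Return requests to the Surveys script whose query string looks like SQL."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        client, when, method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/" + script):
            continue  # only the Surveys endpoint is of interest here
        # Decode twice so double-encoded input (e.g. %2527) is still inspected.
        query = unquote_plus(unquote_plus(url.query))
        hints = [name for name, rx in SQL_HINTS.items() if rx.search(query)]
        if hints:
            hits.append({"client": client, "time": when, "status": int(status),
                         "query": query, "hints": hints})
    return hits

def clients_by_hits(hits):
    """Rank client addresses by number of flagged requests."""
    return Counter(h["client"] for h in hits).most_common()

if __name__ == "__main__":
    for h in suspicious_survey_requests(SAMPLE_LOG):
        print(h["time"], h["client"], h["status"], h["hints"], h["query"])
```

Access logs normally omit POST bodies, so this covers only input carried in the query string; flagged lines are leads for review, not proof of data extraction.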
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Interspire/Email Marketer
- Range: <=6.5.1
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.