CVE-2022-44790

{"id": "CVE-2022-44790", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-12-09T21:15:11.480", "references": [{"url": "https://www.interspire.com/security-bulletin-2022-44790/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. An unauthenticated attacker could successfully perform an attack to extract potentially sensitive information from the database if the survey id exists."}, {"lang": "es", "value": "Interspire Email Marketer hasta 6.5.1 permite la inyecci\u00f3n SQL a trav\u00e9s del m\u00f3dulo de encuestas. Un atacante no autenticado podr\u00eda realizar con \u00e9xito un ataque para extraer informaci\u00f3n potencialmente confidencial de la base de datos si la identificaci\u00f3n de la encuesta existe."}], "lastModified": "2022-12-14T15:11:15.817", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:interspire:email_marketer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "135B9AD0-EBCB-4840-B0D7-184C2CE19D66", "versionEndIncluding": "6.5.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}