A remote attacker could leverage this vulnerability to upload arbitrary files and obtain access to the Interspire Email Marketer installation via directory traversal. Additionally, a
Safari
It was discovered that the server is vulnerable to a SQL injection. The variable $category_name is accessible by anyone. An attacker can exploit this
An attacker can inject own SQL query to obtain sensitive information like database login credentials, etc. In the sample attack shown below, we can see
This can be used to issue admin-level warnings or even perform actions as a logged in user. To exploit this issue, an attacker must trick
This issue is fixed in macOS Mojave 10.14.5, Safari 12.5, watchOS 5.2, iTunes 12.12.2 for Windows, iOS 15.3,