Vulnerability Details CVE-2020-11699
An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.169
EPSS Ranking 94.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html
- https://github.com/felmoltor
- https://sensepost.com/blog/2020/clash-of-the-spamtitan/
- https://twitter.com/felmoltor
- https://www.spamtitan.com/
- http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html
- https://github.com/felmoltor
- https://sensepost.com/blog/2020/clash-of-the-spamtitan/
- https://twitter.com/felmoltor
- https://www.spamtitan.com/