Vulnerability Details CVE-2020-11700
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.121
EPSS Ranking 93.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html
- https://github.com/felmoltor
- https://sensepost.com/blog/2020/clash-of-the-spamtitan/
- https://twitter.com/felmoltor
- https://www.spamtitan.com/
- http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html
- https://github.com/felmoltor
- https://sensepost.com/blog/2020/clash-of-the-spamtitan/
- https://twitter.com/felmoltor
- https://www.spamtitan.com/