Vulnerability Details CVE-2020-11803
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation server-side, because the user-provided input is passed directly to the php eval() function. The user has to be authenticated on the web platform before interacting with the page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.05
EPSS Ranking 89.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html
- https://github.com/felmoltor
- https://sensepost.com/blog/2020/clash-of-the-spamtitan/
- https://twitter.com/felmoltor
- https://www.spamtitan.com/
- http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html
- https://github.com/felmoltor
- https://sensepost.com/blog/2020/clash-of-the-spamtitan/
- https://twitter.com/felmoltor
- https://www.spamtitan.com/