An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html | Exploit Third Party Advisory |
https://github.com/felmoltor | Third Party Advisory |
https://sensepost.com/blog/2020/clash-of-the-spamtitan/ | Exploit Third Party Advisory |
https://twitter.com/felmoltor | Third Party Advisory |
https://www.spamtitan.com | Vendor Advisory |
http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html | Exploit Third Party Advisory |
https://github.com/felmoltor | Third Party Advisory |
https://sensepost.com/blog/2020/clash-of-the-spamtitan/ | Exploit Third Party Advisory |
https://twitter.com/felmoltor | Third Party Advisory |
https://www.spamtitan.com | Vendor Advisory |
Configurations
History
21 Nov 2024, 04:58
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html - Exploit, Third Party Advisory | |
References | () https://github.com/felmoltor - Third Party Advisory | |
References | () https://sensepost.com/blog/2020/clash-of-the-spamtitan/ - Exploit, Third Party Advisory | |
References | () https://twitter.com/felmoltor - Third Party Advisory | |
References | () https://www.spamtitan.com - Vendor Advisory |
Information
Published : 2020-09-17 17:15
Updated : 2024-11-21 04:58
NVD link : CVE-2020-11804
Mitre link : CVE-2020-11804
CVE.ORG link : CVE-2020-11804
JSON object : View
Products Affected
titanhq
- spamtitan
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')