PT-2019-15761 · Titanhq · Webtitan

Published: 2019-12-02 · Updated: 2019-12-09 · CVE-2019-19020

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

TitanHQ WebTitan versions prior to 5.18

Description

An issue in the administration web interface allows an attacker to upload a crafted backup file, enabling the execution of arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires the attacker to have access to a valid web interface account.

Recommendations

For versions prior to 5.18, update to version 5.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface and limiting the ability to upload files to prevent potential exploitation.

Exploit

Fix

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

CVE-2019-19020

Affected Products

Webtitan