PT-2019-18359 · Titanhq · Spamtitan

Published: 2019-06-05 · Updated: 2019-06-06 · CVE-2019-6800

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: TitanHQ SpamTitan versions 7.03 and earlier

Description: A vulnerability exists in the spam rule update function of the affected software. Updates are downloaded over HTTP, including scripts that are subsequently executed with root permissions. This allows an attacker with a privileged network position to inject arbitrary commands.

Recommendations: For TitanHQ SpamTitan versions 7.03 and earlier, consider disabling the spam rule update function until a secure update mechanism is implemented, and restrict access to the update process to minimize the risk of exploitation.

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2019-6800

Affected Products

Spamtitan