PT-2020-12786 · Titanhq · Spamtitan
Published 2020-09-17 · Updated 2021-07-21
CVE-2020-11699
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
SpamTitan version 7.07
Description
An issue was discovered that allows an attacker to execute remote code on the target server due to improper validation of the fname parameter on the "certs-x.php" page. The attacker must be authenticated before interacting with this page.
Recommendations
For SpamTitan version 7.07, ensure proper validation of the fname parameter on the "certs-x.php" page to prevent remote code execution. As a temporary workaround, consider restricting access to the "certs-x.php" page until a fix is available. Avoid using the fname parameter in the affected page until the issue is resolved.
Exploit
Fix
RCE
OS Command Injection
Affected Products
Spamtitan