PT-2020-12856 · TitanHQ · SpamTitan

Published: 2020-09-17 · Updated: 2021-07-21 · CVE-2020-11803

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SpamTitan version 7.07
Description: An issue was discovered where improper sanitization of the jaction parameter when interacting with the "mailqueue.php" page could lead to server-side PHP code evaluation. This occurs because user-provided input is passed directly to the PHP eval() function; however, the user must be authenticated on the web platform before interacting with the page.
Recommendations: For SpamTitan version 7.07, consider restricting access to the "mailqueue.php" page until a fix is available, and avoid using the jaction parameter in this context to minimize the risk of exploitation.

Exploit · Fix · Code Injection


Weakness Enumeration

Related Identifiers: CVE-2020-11803

Affected Products: SpamTitan