← back
CVE-2020-11804

CVE-2020-11804

EPSS 7.1%
An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48817unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.htmlhttps://github.com/felmoltorhttps://sensepost.com/blog/2020/clash-of-the-spamtitan/https://twitter.com/felmoltorhttps://www.spamtitan.com