Arbitrary Command Injection in TitanHQ SpamTitan through 7.03

Arbitrary Command Injection in TitanHQ SpamTitan through 7.03

CVE-2019-6800 · HIGH Severity

AV:N/AC:M/AU:S/C:C/I:C/A:C

In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands.

Learn more about our Network Penetration Testing.