cve/2020/CVE-2020-11699.md

CVE-2020-11699

Description

An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page.

POC

Reference

• http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html
• https://sensepost.com/blog/2020/clash-of-the-spamtitan/
• https://sensepost.com/blog/2020/clash-of-the-spamtitan/

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/sensepost/ClashofSpamTitan