First published: Wed Jun 05 2019
In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
TitanHQ SpamTitan | >=7.00 <=7.03 | |
The vulnerability ID for this TitanHQ SpamTitan vulnerability is CVE-2019-6800.
The severity of CVE-2019-6800 is high, with a CVSS score of 7.5.
The affected software for CVE-2019-6800 is TitanHQ SpamTitan version 7.00 through 7.03.
This vulnerability exists in the spam rule update function of TitanHQ SpamTitan. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position can inject arbitrary commands.
More information about CVE-2019-6800 is available at the following links: [Write-up on GitHub](https://write-up.github.io/CVE-2019-6800/) and [SpamTitan News](https://www.spamtitan.com/category/spamtitan-news/).