CVE-2019-6800
First published: Wed Jun 05 2019(Updated: )
In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TitanHQ SpamTitan | >=7.00<=7.03 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this TitanHQ SpamTitan vulnerability?
The vulnerability ID for this TitanHQ SpamTitan vulnerability is CVE-2019-6800.
What is the severity of CVE-2019-6800?
The severity of CVE-2019-6800 is high, with a CVSS score of 7.5.
What is the affected software for CVE-2019-6800?
The affected software for CVE-2019-6800 is TitanHQ SpamTitan version 7.00 through 7.03.
How does this vulnerability work?
This vulnerability exists in the spam rule update function of TitanHQ SpamTitan. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position can inject arbitrary commands.
Are there any references available for CVE-2019-6800?
Yes, you can find more information about CVE-2019-6800 at the following links: [Write-up on GitHub](https://write-up.github.io/CVE-2019-6800/) and [SpamTitan News](https://www.spamtitan.com/category/spamtitan-news/).
- collector/nvd-index
- vendor/titanhq
- canonical/titanhq spamtitan
- version/titanhq spamtitan/7.00
- version/titanhq spamtitan/7.03