First published: Thu Sep 17 2020(Updated: )
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
TitanHQ SpamTitan | =7.07 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-11700 is medium.
CVE-2020-11700 allows an attacker to retrieve the contents of arbitrary files in Titan SpamTitan 7.07.
An attacker can exploit CVE-2020-11700 by using improper sanitization of the parameter fname in the page certs-x.php to retrieve the contents of arbitrary files.
Yes, the user has to be authenticated before interacting with the page where CVE-2020-11700 can be exploited.
The CWE ID for CVE-2020-11700 is CWE-22.