CVE-2011-4639

SpamTitan WebTitan < 3.50 - Authenticated Command Injection via Traceroute and Ping Arguments


Description

The (1) Traceroute and (2) Ping implementations in tools.php in SpamTitan WebTitan before 3.60 allow remote authenticated users to execute arbitrary commands via shell metacharacters in an argument, as demonstrated by an && (ampersand ampersand) sequence.

References (1)

Exploit x_refsource_misc
http://www.sec-1.com/blog/?p=211

Scores

EPSS 0.0146
EPSS Percentile 70.4%

Details

CWE
CWE-94
Status published
Products (1)
spamtitan/webtitan < 3.50
Published Oct 08, 2012
Tracked Since Feb 18, 2026