CVE-2011-4639
SpamTitan WebTitan < 3.50 - Authenticated Command Injection via Traceroute and Ping Arguments
Title source: llmDescription
The (1) Traceroute and (2) Ping implementations in tools.php in SpamTitan WebTitan before 3.60 allow remote authenticated users to execute arbitrary commands via shell metacharacters in an argument, as demonstrated by an && (ampersand ampersand) sequence.
References (1)
Core 1
Core References
Exploit x_refsource_misc
http://www.sec-1.com/blog/?p=211
Scores
EPSS
0.0146
EPSS Percentile
70.4%
Details
CWE
CWE-94
Status
published
Products (1)
spamtitan/webtitan
< 3.50
Published
Oct 08, 2012
Tracked Since
Feb 18, 2026