CVE-2019-19015

CRITICAL

TitanHQ WebTitan <5.18 - Code Injection

Title source: llm

Description

An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy (without password authentication), an attacker is able to fully control the appliance database. Through this, several different paths exist to gain further access, or execute code.

References (2)

[Exploit, Third Party Advisory] https://write-up.github.io/webtitan/

[Release Notes, Vendor Advisory] https://www.webtitan.com/resources/product-updates/

Scores

CVSS v3 9.8

EPSS 0.0111

EPSS Percentile 77.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-668

Status published

Affected Products (1)

titanhq/webtitan < 5.18

Timeline

Published Dec 02, 2019

Tracked Since Feb 18, 2026