CVE-2019-6800
HIGH
TitanHQ SpamTitan >=7.00 <7.03 - Remote Code Execution via HTTP Spam Rule Update
Title source: llm
Description
In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://www.spamtitan.com/category/spamtitan-news/
Exploit, Third Party Advisory x_refsource_misc
https://write-up.github.io/CVE-2019-6800/
Scores
CVSS v3
7.5
EPSS
0.0130
EPSS Percentile
66.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
Status
published
Products (1)
titanhq/spamtitan
7.00 - 7.03
Published
Jun 05, 2019
Tracked Since
Feb 18, 2026