CVE-2020-11803

HIGH

SpamTitan 7.07 - Authenticated Remote Code Execution via mailqueue.php jaction Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-11803.

AI-analyzed exploit summary: This Python script demonstrates multiple authenticated remote code execution (RCE) vulnerabilities in SpamTitan Gateway 7.07, including improper input validation and PHP eval abuse. It includes functional exploit code for CVE-2020-11699, CVE-2020-11700, CVE-2020-11803, and CVE-2020-11804.

Description

An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to server-side PHP code evaluation, because the user-provided input is passed directly to the PHP eval() function. The user has to be authenticated on the web platform before interacting with the page.

Exploits (1)

exploitdb WORKING POC
python · webapps · multiple
https://www.exploit-db.com/exploits/48817

Classification
Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SpamTitan Gateway 7.07
Auth required
Prerequisites: Authenticated access to the SpamTitan web interface · Network connectivity to the target server
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References
Vendor Advisory x_refsource_misc
https://www.spamtitan.com/
Third Party Advisory x_refsource_misc
https://github.com/felmoltor
Third Party Advisory x_refsource_misc
https://twitter.com/felmoltor
Exploit, Third Party Advisory x_refsource_misc
https://sensepost.com/blog/2020/clash-of-the-spamtitan/

Scores

CVSS v3 8.8
EPSS 0.0755
EPSS Percentile 93.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-94
Status published
Products (1)
titanhq/spamtitan 7.07
Published Sep 17, 2020
Tracked Since Feb 18, 2026