In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-06-05T18:05:02

Updated: 2024-08-04T20:31:04.278Z

Reserved: 2019-01-24T00:00:00

Link: CVE-2019-6800

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-06-05T19:29:00.293

Modified: 2024-11-21T04:47:11.060

Link: CVE-2019-6800

cve-icon Redhat

No data.