Arbitrary Command Execution in SpamTitan WebTitan Tools.php

CVE-2011-4639 · MEDIUM Severity

AV:N/AC:L/Au:S/C:P/I:P/A:P

The (1) Traceroute and (2) Ping implementations in tools.php in SpamTitan WebTitan before 3.60 allow remote authenticated users to execute arbitrary commands via shell metacharacters in an argument, as demonstrated by an && (ampersand ampersand) sequence.
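One way to close this class of bug, shown as an added example (not SpamTitan or WebTitan code, and not taken from the vendor's fix): validate the host argument against a strict pattern, then start ping or traceroute without a shell. The function names, tool table and sample inputs are assumptions; the array form of `proc_open` requires PHP 7.4 or later.

```php
<?php
declare(strict_types=1);

// Added example with hypothetical helper names; not SpamTitan/WebTitan code.
// The pattern to avoid is building a shell string from the request, e.g.
// shell_exec('ping -c 4 ' . $host), where "&&" starts a second command.

const HOSTNAME_RE = '/\A(?=.{1,253}\z)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*'
                  . '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/i';

/** Return the target if it is an IP literal or a plain hostname, else null. */
function validate_target(string $raw): ?string
{
    if (filter_var($raw, FILTER_VALIDATE_IP) !== false) {
        return $raw;
    }
    // Labels must start with a letter or digit, so shell metacharacters,
    // whitespace and a leading "-" (option injection) are all rejected.
    return preg_match(HOSTNAME_RE, $raw) === 1 ? $raw : null;
}

/** Run an allow-listed tool against a validated target; returns [exitCode, output]. */
function run_tool(string $tool, string $rawTarget): array
{
    $commands = ['ping' => ['ping', '-c', '4'], 'traceroute' => ['traceroute']];
    $target = validate_target($rawTarget);
    if (!isset($commands[$tool]) || $target === null) {
        throw new InvalidArgumentException('rejected tool or target');
    }
    // Array form (PHP >= 7.4): the program is executed directly with this
    // argv, so no shell ever parses the target.
    $argv = array_merge($commands[$tool], [$target]);
    $spec = [1 => ['pipe', 'w'], 2 => ['redirect', 1]];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start ' . $tool);
    }
    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return [proc_close($proc), $output];
}

// Constructed sample inputs: only the first two pass validation.
foreach (['192.0.2.10', 'gateway.example.com', '192.0.2.10 && id', '-f'] as $in) {
    printf("%-22s => %s\n", $in, validate_target($in) === null ? 'rejected' : 'accepted');
}
```

Either control alone narrows the bug; together, a validation bypass still cannot reach a shell, and a later change back to a shell string still sees only vetted input.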
