The (1) Traceroute and (2) Ping implementations in tools.php in SpamTitan WebTitan prior to 3.60 allow remote authenticated users to execute arbitrary commands via shell metacharacters in an argument, as demonstrated by an && (ampersand ampersand) sequence.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
spamtitan webtitan |