Webtitan Security Vulnerabilities
Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3.60 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login-x.php, and allow remote authenticated users to execute arbitrary SQL commands via the (2) bldomain, (3) wldomain, or (4) temid pa...
8.4AI Score
0.002EPSS
The (1) Traceroute and (2) Ping implementations in tools.php in SpamTitan WebTitan before 3.60 allow remote authenticated users to execute arbitrary commands via shell metacharacters in an argument, as demonstrated by an && (ampersand ampersand) sequence.
7.5AI Score
0.003EPSS
Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action.
6.3AI Score
0.063EPSS
Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action.
6.8AI Score
0.003EPSS
SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter.
8.7AI Score
0.001EPSS
An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access.
7.8CVSS
7.9AI Score
0.0004EPSS
An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy (without password authentication), an attacker is able to ful...
9.8CVSS
9.7AI Score
0.004EPSS
An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database.
7.5CVSS
7.6AI Score
0.002EPSS
An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system.
8.1CVSS
8.2AI Score
0.002EPSS
An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using.
2.7CVSS
4.1AI Score
0.001EPSS
An issue was discovered in TitanHQ WebTitan before 5.18. It contains a Remote Code Execution issue through which an attacker can execute arbitrary code as root. The issue stems from the hotfix download mechanism, which downloads a shell script via HTTP, and then executes it as root. This is analogo...
7.5CVSS
8AI Score
0.003EPSS
An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires the attacker to have...
7.2CVSS
7.3AI Score
0.001EPSS
An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account.
9.8CVSS
9.3AI Score
0.002EPSS