CVE-2016-8588

The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file.
Configurations

Configuration 1 (hide)

cpe:2.3:a:trendmicro:threat_discovery_appliance:*:r1:*:*:*:*:*:*

History

21 Nov 2024, 02:59

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/142220/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-hotfix_upload.cgi-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/142220/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-hotfix_upload.cgi-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2017-04-28 19:59

Updated : 2024-11-21 02:59


NVD link : CVE-2016-8588

Mitre link : CVE-2016-8588

CVE.ORG link : CVE-2016-8588


JSON object : View

Products Affected

trendmicro

  • threat_discovery_appliance
CWE
CWE-284

Improper Access Control