Описание
hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-5840
- https://www.exploit-db.com/exploits/40180
- http://esupport.trendmicro.com/solution/en-US/1114281.aspx
- http://jvn.jp/en/jp/JVN55428526/index.html
- http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.html
- http://www.zerodayinitiative.com/advisories/ZDI-16-373
Связанные уязвимости
CVSS3: 7.2
nvd
больше 9 лет назад
hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.