Описание
hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
Ссылки
- Vendor Advisory
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.7:*:*:*:*:*:*:*
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.81:*:*:*:*:*:*:*
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.82:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.07123
Низкий
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
EPSS
Процентиль: 91%
0.07123
Низкий
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-20