exploitDog

CVE-2016-8588

Опубликовано: 28 апр. 2017

Источник: nvd

CVSS3: 7.3

CVSS2: 6

EPSS Низкий

Описание

The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file.

Ссылки

http://packetstormsecurity.com/files/142220/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-hotfix_upload.cgi-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/142220/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-hotfix_upload.cgi-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trendmicro:threat_discovery_appliance:*:r1:*:*:*:*:*:*

Версия до 2.6.1062 (включая)

EPSS

Процентиль: 66%

0.00526

Низкий

7.3 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-284

Связанные уязвимости

GHSA-v6vc-vm6m-wvhp

CVSS3: 7.3

github

больше 3 лет назад

The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file.

EPSS

Процентиль: 66%

0.00526

Низкий

7.3 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-284