Code injection

2017-04-2819:59:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.1%

JSON

log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.

CPENameOperatorVersion
threat_discovery_appliancele2.6.1062

CPE	Name	Operator	Version
	threat_discovery_appliance	le	2.6.1062

References

packetstormsecurity.com/files/142217/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-log_query.cgi-Remote-Code-Execution.html

www.securityfocus.com/bid/98343