Lucene search
Steven Seeley (mr_me) of Source InciteZDI-18-417HistoryMay 04, 2018 - 12:00 a.m.
Trend Micro Encryption for Email Gateway emailSearch SearchString SQL Injection Remote Code Execution Vulnerability
2018-05-0400:00:00
Steven Seeley (mr_me) of Source Incite
www.zerodayinitiative.com
19
EPSS
0.001
Percentile
33.4%
This vulnerability allows remote attackers to execute arbitrary SQL statements on vulnerable installations of Trend Micro Encryption for Email Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the wsEmailSearch class. When parsing the SearchString parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code under the context of root.
References
Related
checkpoint_advisories
checkpoint_advisories
Trendmicro Email Encryption Gateway SQL Injection (CVE-2018-6230)
2020-06-25 00:00:00
cve
cve
CVE-2018-6230
2018-03-15 19:29:01
prion
prion
Sql injection
2018-03-15 19:29:00
cvelist
cvelist
CVE-2018-6230
2018-03-15 19:00:00
nvd
nvd
CVE-2018-6230
2018-03-15 19:29:01
exploitpack
exploitpack
coresecurity
coresecurity
Trend Micro Email Encryption Gateway Multiple Vulnerabilities
2018-02-21 00:00:00
packetstorm
packetstorm
Trend Micro Email Encryption Gateway XSS / Code Execution
2018-02-21 00:00:00
zdt
zdt
exploitdb
exploitdb