ZDI-23-654, Poh Jia Hao of STAR Labs
May 17, 2023 - 12:00 a.m.

Trend Micro Apex Central modTMMS SQL Injection Remote Code Execution Vulnerability

2023-05-17 00:00:00
Poh Jia Hao of STAR Labs
www.zerodayinitiative.com
trend micro
apex central
sql injection
remote code execution
vulnerability
authentication
modtmms
iusr
user-supplied string
sql queries

EPSS: 0.005 (Low); Percentile: 75.6%

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of set_certificates_config requests to the modTMMS endpoint. When parsing the dbCert parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the IUSR user.
