Lucene search
Poh Jia Hao of STAR Labs SG Pte. Ltd.ZDI-24-024HistoryJan 10, 2024 - 12:00 a.m.
Trend Micro Apex Central widget WFProxy Local File Inclusion Remote Code Execution Vulnerability
2024-01-1000:00:00
Poh Jia Hao of STAR Labs SG Pte. Ltd.
www.zerodayinitiative.com
6
remote code execution
trend micro apex central
authentication
php include function
iusr context
security vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the getObjWGFServiceApiByApiName function. The issue results from the lack of proper validation of user-supplied data prior to passing it to a PHP include function. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of IUSR.
Related
cvelist
cvelist
CVE-2023-52325
2024-01-23 20:41:25
cve
cve
CVE-2023-52325
2024-01-23 21:15:09
cnvd
cnvd
Trend Micro Apex Central Local File Containment Vulnerability
2024-01-16 00:00:00
vulnrichment
vulnrichment
CVE-2023-52325
2024-01-23 20:41:25
prion
prion
Design/Logic Flaw
2024-01-23 21:15:00
nvd
nvd
CVE-2023-52325
2024-01-23 21:15:09