Remote Code Execution via SQL Injection in Trend Micro Control Manager 6.0


CVE-2017-11388 · MEDIUM Severity

AV:N/AC:L/Au:S/C:P/I:P/A:P

A SQL injection in Trend Micro Control Manager 6.0 causes remote code execution when RestfulServiceUtility.NET.dll doesn't properly validate user-provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638.
