SQL Injection Remote Code Execution Vulnerability in Trend Micro Smart Protection Server

SQL Injection Remote Code Execution Vulnerability in Trend Micro Smart Protection Server

CVE-2018-10350 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\_bwlists\_handler.php. Authentication is required in order to exploit this vulnerability.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.