CVE-2018-3607

Description

XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Affected products

• Trend Micro / Trend Micro Control Manager6.0 – 6.0

References

• VENDOR_ADVISORYhttps://www.zerodayinitiative.com/advisories/ZDI-18-090/
• VENDOR_ADVISORYhttps://www.zerodayinitiative.com/advisories/ZDI-18-094/
• VENDOR_ADVISORYhttps://www.zerodayinitiative.com/advisories/ZDI-18-109/
• MISChttps://success.trendmicro.com/solution/1119158