CVE-2016-5840

hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:trend_micro:deep_discovery_inspector:3.7:*:*:*:*:*:*:*
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.81:*:*:*:*:*:*:*
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.82:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-06-30 16:59

Updated : 2024-02-04 18:53


NVD link : CVE-2016-5840

Mitre link : CVE-2016-5840

CVE.ORG link : CVE-2016-5840


JSON object : View

Products Affected

trend_micro

  • deep_discovery_inspector
CWE
CWE-20

Improper Input Validation