CVE-2016-6266 in Smart Protection Serverinfo

Summary

ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

07/21/2016

Disclosure

01/30/2017

Moderation

VulDB entry created

Entries

VDB-96301 (1)

CPE

ready

CWE

CWE-20 (Confirmed)

CVSS

7.5

EPSS

0.03015

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-6266
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-6266
CVE Details	https://www.cvedetails.com/cve/CVE-2016-6266/

◂ Previous Overview Next ▸