CVE-2016-8588

N/A

Description

The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file.

CVE Details

CVSS v3.1 ScoreN/A

Published4/28/2017

Last Modified4/20/2025

Sourcenvd

Honeypot Sightings0

Affected Products

trendmicro:threat_discovery_appliance

Weaknesses (CWE)

CWE-284

References

http://packetstormsecurity.com/files/142220/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-hotfix_upload.cgi-Remote-Code-Execution.html(cve@mitre.org)

http://packetstormsecurity.com/files/142220/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-hotfix_upload.cgi-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.