← back
CVE-2016-5840

CVE-2016-5840

EPSS 7.8%
hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/40180/unverifiedexploitdbwww.exploit-db.com/exploits/40180unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://esupport.trendmicro.com/solution/en-US/1114281.aspxhttp://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.htmlhttp://jvn.jp/en/jp/JVN55428526/index.htmlhttps://www.exploit-db.com/exploits/40180/http://www.zerodayinitiative.com/advisories/ZDI-16-373