CVE-2012-2998
published 2012-09-28


Priority: P258 · Severity: high · CVSS 2.0 base score: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: public PoC referenced (see Detection & IOCs)
EPSS: 6.09% (92.5th percentile)
SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Affected

9 ranges listed; only the first carries version data in the extracted page.

Vendor        Product           Version range   Fixed in
trend_micro   control_manager   <= 5.5          (not listed)

Per the description, the fixed builds are 5.5.0.1823 for the 5.5 branch and 6.0.0.1449 for the 6.0 branch.

Detection & IOCs (extracted from sources)

  • URL: https://<host>/webapp/AdHocQuery/AdHocQuery_Processor.aspx
  • Path: /webapp/AdHocQuery/AdHocQuery_Processor.aspx
  • Other: id=350b651c-15c5-45ca-8d64-33b20f3fc4d8
  • Alert on HTTP requests to /webapp/AdHocQuery/AdHocQuery_Processor.aspx whose query parameters, after URL-decoding, contain SQL keywords (WAITFOR, UNICODE, SUBSTRING, CAST, NVARCHAR, CONVERT); these are indicative of blind, time-based SQLi against the ad hoc query module.
  • Monitor for bursts of requests to AdHocQuery_Processor.aspx from one source with varying numeric offsets in the 'id' parameter: the PoC iterates m in range(1,33) and n in range(0,16) to recover a 32-character password hash one character at a time (16 candidate values per position), so a full extraction produces several hundred near-identical requests.
  • The default injection delay in the PoC is 2 seconds; the author notes it should be increased for remote targets, so detection thresholds based on response-time anomalies must allow for network latency rather than keying on an exact 2-second delay.
  • Affected versions are TMCM before 5.5.0.1823 and 6.0 before 6.0.0.1449; patched versions are not vulnerable.
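The three detection ideas above (SQL keywords in the query string, bursts of probes from one client, and response times near the PoC delay with a latency margin) combined into one detector run over IIS W3C log lines. This is an added example, not code from the page or from Trend Micro; the log field order, the sample log lines, the probe payload shape and the thresholds are all constructed assumptions, and the payload is a generic time-based SQLi pattern, not the PoC's own request.

```python
"""Detector for blind SQLi probing of the TMCM ad hoc query endpoint (CVE-2012-2998).

Added example. Field order, thresholds and the sample log below are assumptions.
"""
import re
from collections import Counter
from urllib.parse import unquote_plus

TARGET_PATH = "/webapp/AdHocQuery/AdHocQuery_Processor.aspx"
# Keywords the advisory lists as indicative of blind SQLi against this endpoint.
SQL_KEYWORDS = ("WAITFOR", "UNICODE", "SUBSTRING", "CAST", "NVARCHAR", "CONVERT")
KEYWORD_RE = re.compile(r"\b(" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)

# Assumed IIS W3C field order (set by the server's logging config; not from the page).
FIELDS = ("date", "time", "s_ip", "method", "path", "query", "client", "status", "time_taken")


def parse_line(line):
    """Parse one W3C log line into a dict; return None for directives or malformed lines."""
    if line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    rec["time_taken"] = int(rec["time_taken"])  # IIS logs this in milliseconds
    rec["query"] = unquote_plus(rec["query"])   # decode so %20WAITFOR%20 is matched as a word
    return rec


def sql_keyword_hits(query):
    """Return the listed SQL keywords present in a decoded query string, deduplicated and sorted."""
    return sorted({m.group(1).upper() for m in KEYWORD_RE.finditer(query)})


def analyze(log_text, delay_s=2.0, latency_margin_s=0.5, probe_threshold=20):
    """Return alerts as (kind, client, time, detail) tuples.

    keyword   - request to the endpoint carrying a listed SQL keyword
    slow      - response to the endpoint whose time-taken is at or above the PoC delay
                minus a latency margin (the PoC delay is tuned upward for remote targets)
    enumerate - one client issuing >= probe_threshold requests to the endpoint
                (32 positions x 16 candidates is up to 512 probes for a full hash)
    """
    min_slow_ms = int((delay_s - latency_margin_s) * 1000)
    alerts = []
    per_client = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"].lower() != TARGET_PATH.lower():
            continue
        per_client[rec["client"]] += 1
        hits = sql_keyword_hits(rec["query"])
        if hits:
            alerts.append(("keyword", rec["client"], rec["time"], hits))
        if rec["time_taken"] >= min_slow_ms:
            alerts.append(("slow", rec["client"], rec["time"], rec["time_taken"]))
    for client, n in per_client.items():
        if n >= probe_threshold:
            alerts.append(("enumerate", client, None, n))
    return alerts


def summarize(alerts):
    """Count alerts by (kind, client) for a one-glance view of who tripped what."""
    return Counter((kind, client) for kind, client, _, _ in alerts)


# --- Constructed sample log (not real traffic) ---------------------------------------
GUID = "350b651c-15c5-45ca-8d64-33b20f3fc4d8"  # the 'id' value the page lists as an IOC
HEADER = "#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query c-ip sc-status time-taken"
BENIGN = [
    f"2012-10-01 09:12:01 10.0.0.5 GET {TARGET_PATH} id={GUID} 10.0.0.21 200 143",
    "2012-10-01 09:12:07 10.0.0.5 GET /webapp/Login.aspx - 10.0.0.21 200 37",
]
# Probe lines in the shape of a generic time-based check: position (m) and candidate (n)
# vary per request, and only the probe that guesses right (here every 16th) pays the 2 s delay.
PROBES = [
    f"2012-10-01 09:30:{i:02d} 10.0.0.5 GET {TARGET_PATH} "
    f"id={GUID}'%3BIF%20UNICODE(SUBSTRING(CAST(h%20AS%20NVARCHAR(32)),{1 + i // 16},1))%3D{48 + i % 16}"
    f"%20WAITFOR%20DELAY%20'0:0:2'-- "
    f"203.0.113.7 200 {2210 if i % 16 == 3 else 95}"
    for i in range(24)
]
SAMPLE_LOG = "\n".join([HEADER, *BENIGN, *PROBES])

if __name__ == "__main__":
    for kind, client, when, detail in analyze(SAMPLE_LOG):
        print(kind, client, when, detail)
```

Against the sample, the benign operator request with the bare GUID raises nothing, while the probing client trips all three rules. Raising `delay_s` to match a PoC tuned for a slow link (the page's caveat) moves the slow-response threshold with it, so the keyword and enumeration rules carry the detection when timing alone would miss.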