CVE-2016-8588

CWE-284Improper Access Control3 documents3 sources
Severity
7.3HIGH
EPSS
0.5%
top 33.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Trendmicro Threat Discovery Appliance
Timeline
PublishedApr 28
Latest updateMay 17

Description

The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-v6vc-vm6m-wvhp: The hotfix_upload2022-05-17
CVEList
CVE-2016-8588: The hotfix_upload2017-04-28
CVE-2016-8588 (HIGH CVSS 7.3) | The hotfix_upload.cgi in Trend Micr | cvebase.io