CVE-2017-11386

CWE-89 — SQL Injection9 documents4 sources

Severity

9.8CRITICAL

EPSS

6.8%

top 8.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Control Manager

Timeline

PublishedAug 2

Latest updateMay 17

Description

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZDI-CAN-4549.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDtrendmicro/control_manager6.0

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-hp3x-w27j-hf2j: SQL Injection in Trend Micro Control Manager 6↗2022-05-17

▶

CVEList

CVE-2017-11386: SQL Injection in Trend Micro Control Manager 6↗2017-08-02

▶

💬Community

Bugzilla

CVE-2017-16652 CVE-2018-11385 CVE-2018-11386 CVE-2018-11406 CVE-2018-11407 CVE-2018-11408 php-symfony: Multiple flaws↗2018-06-14

▶