Arbitrary Code Execution in Trend Micro Deep Discovery Inspector (DDI) 3.7-3.8 SP2 via hotfix_upload.cgi
CVE-2016-5840 · HIGH Severity
CVSS v2 vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
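The mitigation for this bug class, as an added example: it is not Trend Micro's code, and the page does not show how hotfix_upload.cgi processes the filename. The installer path, its support for `--`, the upload directory and the sample header values are assumptions constructed for illustration.

```python
import re
from email.message import Message

# Allowlist: starts with a letter or digit, then letters, digits, '.', '_' or '-'.
# Everything else (shell metacharacters, spaces, path separators) is rejected.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")

def filename_from_disposition(header_value):
    """Return the filename parameter of a Content-Disposition value, or None."""
    msg = Message()
    msg["Content-Disposition"] = header_value
    return msg.get_filename()

def validate_upload_name(header_value):
    """Return the filename if it matches the allowlist, else raise ValueError."""
    name = filename_from_disposition(header_value)
    if name is None or not SAFE_NAME.fullmatch(name):
        raise ValueError("rejected upload filename: %r" % (name,))
    return name

def build_argv(installer, upload_dir, header_value):
    """Argument vector for subprocess.run(argv); never joined into a shell string."""
    name = validate_upload_name(header_value)
    # "--" ends option parsing (assumed supported by the hypothetical installer).
    return [installer, "--", upload_dir.rstrip("/") + "/" + name]

# Constructed sample header values (not captured traffic).
SAMPLES = [
    'form-data; name="file"; filename="hotfix_1.tgz"',
    'form-data; name="file"; filename="hotfix;x.tgz"',
    'form-data; name="file"; filename="hotfix|x.tgz"',
    'form-data; name="file"; filename="hotfix$(x).tgz"',
    'form-data; name="file"; filename="hotfix`x`.tgz"',
    'form-data; name="file"; filename="../hotfix.tgz"',
    'form-data; name="file"',
]

def check_samples():
    """Map each sample header to True (accepted) or False (rejected)."""
    results = {}
    for header in SAMPLES:
        try:
            validate_upload_name(header)
            results[header] = True
        except ValueError:
            results[header] = False
    return results
```

Rejecting on an allowlist and passing the name as a separate argv element are independent controls; either one alone stops the filename from being interpreted by a shell.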