CVE-2018-3602

Description

An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

Affected products

• Trend Micro / Trend Micro Control Manager6.0 – 6.0

References

• MISChttps://success.trendmicro.com/solution/1119158
• VENDOR_ADVISORYhttps://www.zerodayinitiative.com/advisories/ZDI-18-068/