hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
2016-06-30T16:59:11.120
2025-04-12T10:46:40.837
Deferred
CVSSv3.0: 7.2 (HIGH)
AV:N/AC:L/Au:S/C:C/I:C/A:C
8.0
10.0
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | trend_micro | deep_discovery_inspector | 3.7 | Yes |
Application | trend_micro | deep_discovery_inspector | 3.81 | Yes |
Application | trend_micro | deep_discovery_inspector | 3.82 | Yes |