CVE-2018-10350

Summary

A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs_bwlists_handler.php. Authentication is required in order to exploit this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Trend MicroTrend Micro Smart Protection Server (Standalone)3.0, 3.1, 3.2, 3.3affected

Weaknesses

  • SQL Injection RCE

ADP Enrichment

CVE Program Container

Additional References

References