CVE-2012-2998

Description

SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

References

http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txt

http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt

http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/

http://www.securitytracker.com/id?1027584

http://www.kb.cert.org/vuls/id/950795

http://jvndb.jvn.jp/jvndb/JVNDB-2012-000090

http://jvn.jp/en/jp/JVN42014489/index.html

http://esupport.trendmicro.com/solution/en-us/1061043.aspx

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3