Trend Micro Control Manager importFile directory traversal

Added: 09/25/2017
BID: 96131

Background

Trend Micro Control Manager streamlines administration of Trend Micro security solutions.

Problem

A directory traversal vulnerability in the importFile.php script allows remote attackers to upload files containing arbitrary PHP script under the document root. The uploaded files can then be executed by sending an HTTP GET request.

Resolution

Upgrade to Control Manager version 6.0 build 3506 or higher.

References

https://success.trendmicro.com/solution/1116624
http://www.zerodayinitiative.com/advisories/ZDI-17-060/

Back to exploit index