Trend Micro SafeSync for Enterprise deviceTool.pm get_device_info SQL Injection
An SQL Injection vulnerability exists in Trend Micro's SafeSync for Enterprise deviceTool.pm page. The vulnerability is due to insufficient validation of the user-supplied role or device_id parameter when sending a query to get the information about a SafeSync storage device.A remote, authenticated, attacker could exploit this vulnerability by sending an HTTP request with a malicious SQL query to the target server.
from Check Point Update Services Advisories http://ift.tt/2tINOHU
from Check Point Update Services Advisories http://ift.tt/2tINOHU
Comments
Post a Comment