Trend Micro SafeSync for Enterprise deviceTool.pm get_nic_device SQL Injection
An SQL Injection vulnerability exists in Trend Micro's SafeSync's deviceTool.pm Perl module. The vulnerability is due to insufficient validation of the user-supplied role or role parameter when sending a query to get the information about a SafeSync nic device. A remote, authenticated, attacker could exploit this vulnerability by sending an HTTP request with a malicious SQL query to the target server.
from Check Point Update Services Advisories http://ift.tt/2t9qqGw
from Check Point Update Services Advisories http://ift.tt/2t9qqGw
Comments
Post a Comment