Vulnerability Details CVE-2018-10350
A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\_bwlists\_handler.php. Authentication is required in order to exploit this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.42
EPSS Ranking 97.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
Products affected by CVE-2018-10350
-
cpe:2.3:a:trendmicro:smart_protection_server:3.0
-
cpe:2.3:a:trendmicro:smart_protection_server:3.1
-
cpe:2.3:a:trendmicro:smart_protection_server:3.2
-
cpe:2.3:a:trendmicro:smart_protection_server:3.3
-
cpe:2.3:o:linux:linux_kernel:-