Trend Micro Control Manager GetPassword() SQLi
High Nessus Plugin ID 110766
Synopsis
A web application running on the remote host is affected by an SQLi.
Description
The Trend Micro Control Manager running on the remote host is
affected by an SQLi vulnerability when processing an HTTP request due
to the lack of proper validation of a user-supplied string before
using it to construct SQL queries. An unauthenticated, remote attacker
can exploit this issue, via a specially crafted HTTP request, to
execute code under the context of the Network Service account.
Note that Trend Micro Control Manager is reportedly affected by
additional vulnerabilities; however, this plugin has not tested for
Solution
Upgrade to Trend Micro Control Manager version 6.0 build 3748 / 7.0 or later.
Note that version 6.0 build 3748 requires version 6.0 SP3 Patch 3 as a