A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
                
            References
                    | Link | Resource | 
|---|---|
| https://success.trendmicro.com/solution/1119349 | Patch Vendor Advisory | 
| https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities | Exploit Technical Description Third Party Advisory | 
| https://www.exploit-db.com/exploits/44166/ | Exploit Third Party Advisory VDB Entry | 
| https://success.trendmicro.com/solution/1119349 | Patch Vendor Advisory | 
| https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities | Exploit Technical Description Third Party Advisory | 
| https://www.exploit-db.com/exploits/44166/ | Exploit Third Party Advisory VDB Entry | 
Configurations
                    History
                    No history.
Information
                Published : 2018-03-15 19:29
Updated : 2024-11-21 04:10
NVD link : CVE-2018-6228
Mitre link : CVE-2018-6228
CVE.ORG link : CVE-2018-6228
JSON object : View
Products Affected
                trendmicro
- email_encryption_gateway
CWE
                
                    
                        
                        CWE-89
                        
            Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
