CVE-2018-6229

CRITICAL

Trendmicro Email Encryption Gateway - SQL Injection

Title source: rule

Description

A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textwebappsjsp

https://www.exploit-db.com/exploits/44166

View Code ZIP pw:eip

References (3)

[Patch, Vendor Advisory] https://success.trendmicro.com/solution/1119349

[Exploit, Technical Description, Third Party Advisory] https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44166/

Scores

CVSS v3 9.8

EPSS 0.0347

EPSS Percentile 87.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-89

Status published

Affected Products (1)

trendmicro/email_encryption_gateway

Timeline

Published Mar 15, 2018

Tracked Since Feb 18, 2026