CVE-2018-6230
MEDIUMTrendmicro Email Encryption Gateway - SQL Injection
Title source: ruleDescription
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Core Security · textwebappsjsp
https://www.exploit-db.com/exploits/44166
References (3)
Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/44166/
Patch, Vendor Advisory x_refsource_confirm
https://success.trendmicro.com/solution/1119349
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities
Scores
CVSS v3
6.8
EPSS
0.0181
EPSS Percentile
82.9%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
trendmicro/email_encryption_gateway
5.5
Published
Mar 15, 2018
Tracked Since
Feb 18, 2026