What is CVE-2016-6266?

CVE-2016-6266 is a high-severity vulnerability in Trendmicro Smart_protection_server, classified under Improper Input Validation. CVSS score: 8.8/10. Published 2017-01-30.

How severe is CVE-2016-6266?

High severity. CVSS v3 base score is 8.8 out of 10.

Improper input validation in Trendmicro Smart_protection_server

CVE-2016-6266

ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.030 (86.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Trendmicro Smart_protection_server — versions 2.5, 2.6, 3.0
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

cve@mitre.org (Technical Description, Exploit, Third Party Advisory, x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM, Patch, Mitigation, Vendor Advisory)

Frequently asked questions

What is CVE-2016-6266?: CVE-2016-6266 is a high-severity vulnerability in Trendmicro Smart_protection_server, classified under Improper Input Validation. CVSS score: 8.8/10. Published 2017-01-30.
How severe is CVE-2016-6266?: High severity. CVSS v3 base score is 8.8 out of 10.