This vulnerability allows remote attackers to execute arbitrary SQL statements on vulnerable installations of Trend Micro Encryption for Email Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the formRegistration2 class. A crafted Client field in ppreg files can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to execute code under the context of root.
Affected Software | Affected Version | How to fix
---|---|---
Trend Micro Encryption for Email Gateway | |
ZDI-CAN-5551 is classified as a high severity vulnerability due to its potential for remote SQL injection exploitation.
To fix ZDI-CAN-5551, update Trend Micro Encryption for Email Gateway to the latest patched version provided by the vendor.
ZDI-CAN-5551 affects installations of Trend Micro Encryption for Email Gateway that are susceptible to the SQL injection vulnerability.
Not addressing ZDI-CAN-5551 could lead to unauthorized access to sensitive data and potential compromise of email communications.
ZDI-CAN-5551 requires authentication, but the existing authentication mechanism can be bypassed, enabling exploitation.