High severity7.2NVD Advisory· Published Jun 30, 2016· Updated May 6, 2026

CVE-2016-5840

Description

hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.

Affected products

Trend Micro/Deep Discovery Inspector3 versions
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.7:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:trend_micro:deep_discovery_inspector:3.7:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:deep_discovery_inspector:3.81:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:deep_discovery_inspector:3.82:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/40180/nvdExploitThird Party Advisory
esupport.trendmicro.com/solution/en-US/1114281.aspxnvdVendor Advisory
jvn.jp/en/jp/JVN55428526/index.htmlnvd
jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.htmlnvd
www.zerodayinitiative.com/advisories/ZDI-16-373nvd

News mentions

No linked articles in our index yet.

cvss	0.468
epss	0.006
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000