High severity7.2NVD Advisory· Published Jun 30, 2016· Updated Jun 17, 2026
CVE-2016-5840
CVE-2016-5840
Description
hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:trend_micro:deep_discovery_inspector:3.7:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:trend_micro:deep_discovery_inspector:3.7:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:deep_discovery_inspector:3.81:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:deep_discovery_inspector:3.82:*:*:*:*:*:*:*
- (no CPE)range: 3.7, 3.8 SP1 (3.81), 3.8 SP2 (3.82)
Patches
Vulnerability mechanics
References
5- www.exploit-db.com/exploits/40180/nvdExploitThird Party Advisory
- esupport.trendmicro.com/solution/en-US/1114281.aspxnvdVendor Advisory
- jvn.jp/en/jp/JVN55428526/index.htmlnvd
- jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.htmlnvd
- www.zerodayinitiative.com/advisories/ZDI-16-373nvd
News mentions
0No linked articles in our index yet.