VYPR
Critical severity9.1NVD Advisory· Published Jan 30, 2017· Updated Jun 17, 2026

CVE-2016-6269

CVE-2016-6269

Description

Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • cpe:2.3:a:trendmicro:smart_protection_server:2.5:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:trendmicro:smart_protection_server:2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:trendmicro:smart_protection_server:2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*
    • (no CPE)range: < 2.5 build 2200, < 2.6 build 2106, < 3.0 build 1330

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.