SQL injection in Trend Micro’s Control Manager
Of all things, Trend Micro’s height for centralised confidence government is exposed to SQL injection attacks. According to US-CERT, versions 5.5 and 6.0 of a Trend Micro Control Manager are vulnerable. The association has provided rags for both influenced versions.
The disadvantage in doubt concerns a blind SQL injection conflict that means a web frontend does not hold any information from a database. According to a report by confidence consulting organisation Spentera that includes a proof-of-concept, a exposed complement can be done to trickle information like cue hashes by analysing a timing of SQL queries.