Trend Micro has been notified of a potential product vulnerability in TMCM. CERT first reported that the vulnerability enables SQL injection attacks, allowing remote attackers to execute SQL commands to upload and execute arbitrary code that may harm the target system.
Trend Micro confirmed that this is a product vulnerability and affects TMCM 6.0 and other versions. Trend Micro filters user-supplied inputs to ensure all strings does not contain any damage commands before execution.
Here are the critical patches for this vulnerability: