A vulnerability in security software provider Trend Micro’s Control Manager can suffer exploitation to reveal sensitive information, according to Secunia.
Input passed via the “module” parameter to WebApp/widget/proxy_request.php (when “sid” is set to “undefined” and “serverid”, “SORTFIELD”, “SELECTION”, and “WID” are set) is not properly verified before being used to read files.
The end result could be a hacker could read arbitrary files from local resources via directory traversal sequences. The vulnerability is confirmed in version 5.5 (Build 1250). Other versions may also suffer from the same vulnerability.
One solution is to apply hotfix 1470, or contact Trend Micro for details.