TrendMicro Officescan Widget Remote Command Execution Exploit

TrendMicro is prone to an abuse in the talker.php function to get authentication bypass, combined with the mod TMCSS user-supplied unvalidated input before using it to execute a system calls leads us to execute arbitrary code.
Platform: 
Vulnerabilty ID: 
CVE-2017-11394
Product Version: 
2017_R2
Released Date: 
Tuesday, December 5, 2017 - 00:00