TrendMicro Officescan Widget Remote Command Execution Exploit

TrendMicro is prone to an abuse in the talker.php function to get authentication bypass, combined with the mod TMCSS user-supplied unvalidated input before using it to execute a system calls leads us to execute arbitrary code.
Platform: 
Vulnerabilty ID: 
CVE-2017-11394
Product Version: 
39
Released Date: 
Monday, December 4, 2017 - 18:00