logo
DATABASE RESOURCES PRICING ABOUT US

Symantec Web Gateway ipchange.php Shell Command Injection (SYM12-006) (intrusive check)

Description

The remote web server is hosting a version of Symantec Web Gateway that is affected by a shell command injection vulnerability. The ipchange.php script calls the exec() function with user-controlled input that is not properly sanitized. A remote, unauthenticated attacker could exploit this to execute arbitrary shell commands as the apache user. After exploitation, obtaining a root shell is trivial.


Related