logo
DATABASE RESOURCES PRICING ABOUT US

Symantec Web Gateway upload_file() Remote Code Execution (SYM12-006) (intrusive check)

Description

The remote web server is hosting a version of Symantec Web Gateway with a code execution vulnerability. The upload_file() function of util_functions.php allows PHP files to be uploaded to a directory where the web server can execute them. This function is used by multiple PHP scripts that can be requested without authentication. A remote, unauthenticated attacker could exploit this to execute arbitrary code. Achieving root command execution is trivial.


Related