Symantec IM Manager is a solution for managing and securing instant-messaging traffic in an enterprise.
An SQL injection vulnerability in IMAdminLDAPConfig.asp allows remote, authenticated attackers to execute arbitrary commands on the server.
Upgrade to Symantec IM Manager 8.4.18.
Exploit works on Symantec IM Manager 8.4.16.
An authenticated user must visit the exploit server in a web browser and click on the button in order for the exploit to succeed.