Symantec Web Gateway protects organizations against multiple types of Web-based malware and prevents data loss over the Web.
Symantec Web Gateway 5.0.x.x before 18.104.22.168 is vulnerable to command injection due to
spywall/pbcontrol.php failing to properly sanitize input passed via the
filename parameter. This may allow a remote attacker to execute arbitrary shell commands.
Upgrade to Symantec Web Gateway 22.214.171.124 or later with the Database Update 126.96.36.1998 or later.
This exploit was tested against Symantec Web Gateway 188.8.131.52 on Fedora Project Fedora Core 3 with Exec-Shield Enabled.