Symantec Web Gateway protects organizations against multiple types of Web-based malware and prevents data loss over the Web.
Symantec Web Gateway 5.0.x.x before 126.96.36.199 is vulnerable to command injection due to
spywall/pbcontrol.php failing to properly sanitize input passed via the
filename parameter. This may allow a remote attacker to execute arbitrary shell commands.
Upgrade to Symantec Web Gateway 188.8.131.52 or later with the Database Update 184.108.40.2068 or later.
This exploit was tested against Symantec Web Gateway 220.127.116.11 on Fedora Project Fedora Core 3 with Exec-Shield Enabled.