Symantec Web Gateway protects organizations against multiple types of Web-based malware and prevents data loss over the Web.
Symantec Web Gateway 5.0.x.x before 184.108.40.206 is vulnerable to command injection due to
spywall/pbcontrol.php failing to properly sanitize input passed via the
filename parameter. This may allow a remote attacker to execute arbitrary shell commands.
Upgrade to Symantec Web Gateway 220.127.116.11 or later with the Database Update 18.104.22.1688 or later.
This exploit was tested against Symantec Web Gateway 22.214.171.124 on Fedora Project Fedora Core 3 with Exec-Shield Enabled.