Symantec Web Gateway protects organizations against multiple types of Web-based malware and prevents data loss over the Web.
Symantec Web Gateway 5.0.x.x before 22.214.171.124 is vulnerable to command injection due to
spywall/pbcontrol.php failing to properly sanitize input passed via the
filename parameter. This may allow a remote attacker to execute arbitrary shell commands.
Upgrade to Symantec Web Gateway 126.96.36.199 or later with the Database Update 188.8.131.528 or later.
This exploit was tested against Symantec Web Gateway 184.108.40.206 on Fedora Project Fedora Core 3 with Exec-Shield Enabled.