Lucene search
Brandon PerryZDI-14-211HistoryJun 18, 2014 - 12:00 a.m.
Symantec Web Gateway user.php SQL Injection and snmpConfig.php Command Injection Remote Code Execution Vulnerability
2014-06-1800:00:00
Brandon Perry
www.zerodayinitiative.com
9
0.011 Low
EPSS
Percentile
84.5%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is required to exploit this vulnerability. The specific flaws exist within the user.php and snmpConfig.php files. SQL injection and command injection is possible through vulnerable request parameters. An attacker can leverage these vulnerabilities to read files and achieve remote code execution under the context of the root user.
Related
cvelist
cvelist
CVE-2013-5017
2014-06-18 19:00:00
cve
cve
CVE-2013-5017
2014-06-18 19:55:04
prion
prion
Command injection
2014-06-18 19:55:00
nvd
nvd
CVE-2013-5017
2014-06-18 19:55:04
openvas
openvas
Symantec Web Gateway Multiple Vulnerabilities -01 (Dec 2014)
2014-12-23 00:00:00
symantec
symantec
Symantec Web Gateway Security Issues
2014-06-16 08:00:00
nessus
nessus
Symantec Web Gateway < 5.2.1 Multiple Vulnerabilities (SYM14-010)
2014-06-19 00:00:00