Vendor: Web Gateway
By: muts
CVSS: 8.8 (HIGH)
Blind SQL Injection
CWE: 89
Product Name: Web Gateway
Affected Version From: Symantec Web Gateway 5.0.3.18
Affected Version To: Symantec Web Gateway 5.0.3.18
Patch Exists: YES
Related CWE: N/A
CPE: a:symantec:web_gateway:5.0.3.18
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012
Symantec Web Gateway 5.0.3.18 Blind SQLi Backdoor via MySQL Triggers
A blind SQL injection vulnerability exists in Symantec Web Gateway 5.0.3.18. By accessing certain URLs, an attacker can exploit it to create a new MySQL trigger; when that trigger executes, it creates a user account in the victim database. An authenticated user can initiate a reboot of the remote system by accessing a URL, which executes the trigger and creates the new user account.
Mitigation:
Symantec issued a patch to address this vulnerability: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00