CVE-2006-0522

Symantec Sygate Management Server - SQL Injection

Title source: rule

Description

SQL injection vulnerability in the Authentication Servlet in Symantec Sygate Management Server (SMS) version 4.1 build 1417 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via unknown attack vectors related to a URL.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nicob · webappscgi

https://www.exploit-db.com/exploits/1680

View Code ZIP pw:eip

References (7)

Core 7

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1015561

Patch, Vendor Advisory x_refsource_confirm

http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/16452

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/18689

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/24413

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/22883

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/0402

Scores

EPSS 0.0169

EPSS Percentile 82.3%

Details

Status published

Products (5)

symantec/sygate_management_server 3.5_mr_3_build_894_english

symantec/sygate_management_server 4.0_mr_1_build_1104_english

symantec/sygate_management_server 4.1_ga_build_1258_japanese

symantec/sygate_management_server 4.1_mr1_build_1351_chinese

symantec/sygate_management_server < 4.1_mr_2_build_1417_english

Published Feb 02, 2006

Tracked Since Feb 18, 2026