CVE-2010-0115
Symantec Web Gateway < 4.5.0.376 - SQL Injection via USERNAME Parameter
Title source: llmDescription
SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter.
References (8)
Core 8
Core References
Third Party Advisory x_refsource_confirm
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110112_00
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45742
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0088
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64658
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42878
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-11-013/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/70415
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1024958
Scores
EPSS
0.0113
EPSS Percentile
78.5%
Details
CWE
CWE-89
Status
published
Products (4)
symantec/web_gateway
4.5
symantec/web_gateway
4.5.0.325
symantec/web_gateway
4.5.0.326
symantec/web_gateway
4.5.0.327
Published
Jan 14, 2011
Tracked Since
Feb 18, 2026