CVE-2011-0549
Symantec Web Gateway 4.5.x - SQL Injection via Username Parameter
Title source: llmDescription
SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute arbitrary SQL commands via the username parameter.
References (6)
Core 6
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45146
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-11-233/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1025753
Third Party Advisory x_refsource_confirm
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110707_00
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/48318
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/68428
Scores
EPSS
0.0110
EPSS Percentile
78.3%
Details
CWE
CWE-89
Status
published
Products (9)
symantec/web_gateway
4.5
symantec/web_gateway
4.5.0.326
symantec/web_gateway
4.5.1.34
symantec/web_gateway
4.5.1.44
symantec/web_gateway
4.5.2.37
symantec/web_gateway
4.5.2.65
symantec/web_gateway
4.5.2.72
symantec/web_gateway
4.5.3.38
symantec/web_gateway
4.5.4.9
Published
Jul 11, 2011
Tracked Since
Feb 18, 2026