CVE-2012-2574

Symantec Web Gateway <5.0.3.18 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2574. PoCs published by muts.

AI-analyzed exploit summary This exploit demonstrates a blind SQL injection vulnerability in Symantec Web Gateway 5.0.2 via the 'id' parameter in blocked.php. It extracts the admin password hash using time-based SQLi techniques.

Description

SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue.

Exploits (1)

exploitdb WORKING POC VERIFIED
by muts · pythonwebappslinux
https://www.exploit-db.com/exploits/20038

This exploit demonstrates a blind SQL injection vulnerability in Symantec Web Gateway 5.0.2 via the 'id' parameter in blocked.php. It extracts the admin password hash using time-based SQLi techniques.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Symantec Web Gateway 5.0.2
No auth needed
Prerequisites: Network access to the target Symantec Web Gateway · The target must be vulnerable to CVE-2012-2574
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/54424
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/108471
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/77112

Scores

EPSS 0.0123
EPSS Percentile 65.0%

Details

CWE
CWE-89
Status published
Products (4)
symantec/web_gateway 5.0
symantec/web_gateway 5.0.1
symantec/web_gateway 5.0.2
symantec/web_gateway 5.0.3
Published Jul 23, 2012
Tracked Since Feb 18, 2026