CVE-2012-2953

Symantec Web Gateway <5.0.3.18 - RCE

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-2953. PoCs published by Metasploit, muts, muts, sinn3r, including Metasploit module exploits/linux/http/symantec_web_gateway_pbcontrol.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in Symantec Web Gateway 5.0.2.18 via the 'filename' parameter in pbcontrol.php, allowing remote code execution without authentication.

Description

The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/20113

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in Symantec Web Gateway 5.0.2.18 via the 'filename' parameter in pbcontrol.php, allowing remote code execution without authentication.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Symantec Web Gateway 5.0.2.18

No auth needed

Prerequisites: Network access to the target · Target running Symantec Web Gateway 5.0.2.18

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by muts · pythonremotelinux

https://www.exploit-db.com/exploits/20088

View Code ZIP pw:eip

This exploit targets a command injection vulnerability in Symantec Web Gateway 5.0.3.18 via the pbcontrol.php script. It crafts a malicious URL to execute a reverse shell payload, leveraging sudo to achieve root-level remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Symantec Web Gateway 5.0.3.18

No auth needed

Prerequisites: Network access to the target · Target must be running Symantec Web Gateway 5.0.3.18

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by muts, sinn3r · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/symantec_web_gateway_pbcontrol.rb

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in Symantec Web Gateway 5.0.2.18 via the `filename` parameter in `pbcontrol.php`, allowing remote code execution without authentication.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Symantec Web Gateway 5.0.2.18

No auth needed

Prerequisites: Network access to the target · Target running Symantec Web Gateway 5.0.2.18

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory x_refsource_confirm

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/108471

Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/54426

Scores

EPSS 0.6739

EPSS Percentile 99.2%

Details

CWE

CWE-78

Status published

Products (4)

symantec/web_gateway 5.0

symantec/web_gateway 5.0.1

symantec/web_gateway 5.0.2

symantec/web_gateway 5.0.3

Published Jul 23, 2012

Tracked Since Feb 18, 2026