CVE-2012-2961

Symantec Web Gateway <5.0.3.18 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by muts · textwebappsphp

https://www.exploit-db.com/exploits/20044

View Code ZIP pw:eip

References (4)

Core 4

Core References

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/108471

Third Party Advisory x_refsource_confirm

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00

Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/54425

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/77116

Scores

EPSS 0.0117

EPSS Percentile 78.8%

Details

CWE

CWE-89

Status published

Products (4)

symantec/web_gateway 5.0

symantec/web_gateway 5.0.1

symantec/web_gateway 5.0.2

symantec/web_gateway 5.0.3

Published Jul 23, 2012

Tracked Since Feb 18, 2026