CVE-2014-7285

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-7285. PoCs published by Metasploit, Egidio Romano, sinn3r, including Metasploit module exploits/linux/http/symantec_web_gateway_restore.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in Symantec Web Gateway's restore.php feature. It authenticates, injects a payload via a crafted filename in a multipart form, and executes arbitrary commands under the context of the HTTP service.

Description

The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/36263

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in Symantec Web Gateway's restore.php feature. It authenticates, injects a payload via a crafted filename in a multipart form, and executes arbitrary commands under the context of the HTTP service.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Symantec Web Gateway 5.1.1, 5.2.1

Auth required

Prerequisites: Valid credentials (admin for 5.2.1, any user for 5.1.1) · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Egidio Romano, sinn3r · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/symantec_web_gateway_restore.rb