7.5
CVSSv2

CVE-2012-2574

Published: 23/07/2012 Updated: 22/12/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 756
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x prior to 5.0.3.18 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

symantec web gateway 5.0

symantec web gateway 5.0.1

symantec web gateway 5.0.2

symantec web gateway 5.0.3

Vendor Advisories

Symantec's Web Gateway management console is susceptible to multiple security issues that include remote command execution, local file inclusion, arbitrary password change and SQL injection security issues   Successful exploitation could result in unauthorized command execution on or access to the management console and backend database ...

Exploits

#!/usr/bin/python ###################################################################################### # Exploit Title: Symantec Web Gateway 502 (blockedphp id parameter) Blind SQL Injection # Date: Jul 23 2012 # Author: muts # Version: Symantec Web Gateway 502 # Vendor URL: wwwsymanteccom # # Timeline: # # 29 May 2012: Vulnerabili ...

Github Repositories

https://github.com/sailay1996/offsec_WE

offsec_WE my learning case to prepare OSWE exam work in progress Atmail Mail Server Appliance Case Study (CVE-2012-2593) X-Cart Shopping Cart Case Study (CVE-2012-2570) SolarWinds Orion Case Study - (CVE-2012-2577) DELL SonicWall Scrutinizer Case Study - (CVE-2012-XXXX) SolarWinds Storage Manager 510 - (CVE-2012-2576) WhatsUp Gold 1502 Case Study - (CVE-2012-2589)

learning case to prepare OSWE

offsec_WE my learning case to prepare OSWE exam work in progress Atmail Mail Server Appliance Case Study (CVE-2012-2593) X-Cart Shopping Cart Case Study (CVE-2012-2570) SolarWinds Orion Case Study - (CVE-2012-2577) DELL SonicWall Scrutinizer Case Study - (CVE-2012-XXXX) SolarWinds Storage Manager 510 - (CVE-2012-2576) WhatsUp Gold 1502 Case Study - (CVE-2012-2589)