CVE-2011-0549

critical

Description

SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute arbitrary SQL commands via the username parameter.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/68428

http://www.zerodayinitiative.com/advisories/ZDI-11-233/

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110707_00

http://www.securityfocus.com/bid/48318

http://securitytracker.com/id?1025753

http://secunia.com/advisories/45146

Details

Source: Mitre, NVD

Published: 2011-07-11

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics