SQL Injection in Symantec Web_gateway

CVE-2015-6548

Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspe…

Vulnerability class: SQL Injection

EPSS: 0.006 (69.2th percentile) — read the EPSS interpretation.

Affected products

Symantec Web_gateway
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

1033625 (vdb-entry, x_refsource_SECTRACK)
76729 (vdb-entry, x_refsource_BID)
secure@symantec.com (x_refsource_CONFIRM, Vendor Advisory)