CVE-2010-0115

critical

Description

SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/64658

http://www.zerodayinitiative.com/advisories/ZDI-11-013/

http://www.vupen.com/english/advisories/2011/0088

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110112_00

http://www.securitytracker.com/id?1024958

http://www.securityfocus.com/bid/45742

http://secunia.com/advisories/42878

http://osvdb.org/70415

Details

Source: Mitre, NVD

Published: 2011-01-14

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01126

Detections

Analytics