VU#108471

54425

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00

symantec-gateway-ldaplatest-sql-injection(77116)

The remote web server is hosting a version of Symantec Web Gateway that is affected by a SQL injection vulnerability.  The vulnerability is in includes/dbutils.php, and is exploitable via search.php.  A remote, unauthenticated attacker could exploit this to execute arbitrary database queries. 

Note that this install is likely affected by several other issues, although this plugin has not checked for them.

CVE-2012-2961

high

Tenable Plugins

high