SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

The remote web server is hosting a version of Symantec Web Gateway that is affected by a SQL injection vulnerability.  The vulnerability is in includes/dbutils.php, and is exploitable via search.php.  A remote, unauthenticated attacker could exploit this to execute arbitrary database queries. 

Note that this install is likely affected by several other issues, although this plugin has not checked for them.

Detections

Analytics

CVE-2012-2961

critical

Tenable Plugins

high