New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 7
SynopsisA web security application hosted on the remote web server is affected by a SQL injection vulnerability.
DescriptionThe remote web server is hosting a version of Symantec Web Gateway that is affected by a SQL injection vulnerability. The vulnerability is in includes/dbutils.php, and is exploitable via search.php. A remote, unauthenticated attacker could exploit this to execute arbitrary database queries.
Note that this install is likely affected by several other issues, although this plugin has not checked for them.
SolutionUpgrade to Symantec Web Gateway version 126.96.36.199 and apply database upgrade 188.8.131.528.