Symantec Web Gateway search.php SQL Injection (SYM12-011)
High Nessus Plugin ID 61436
SynopsisA web security application hosted on the remote web server is affected by a SQL injection vulnerability.
DescriptionThe remote web server is hosting a version of Symantec Web Gateway that is affected by a SQL injection vulnerability. The vulnerability is in includes/dbutils.php, and is exploitable via search.php. A remote, unauthenticated attacker could exploit this to execute arbitrary database queries.
Note that this install is likely affected by several other issues, although this plugin has not checked for them.
SolutionUpgrade to Symantec Web Gateway version 22.214.171.124 and apply database upgrade 126.96.36.1998.