Symantec Web Gateway login.php Blind SQL Injection (SYM11-001)
High Nessus Network Monitor Plugin ID 5990
Synopsis
The web security application running on the remote host has a SQL injection vulnerability.

Description
Versions of Symantec Web Gateway 4.5 earlier than 22.214.171.1246 are potentially affected by a SQL injection vulnerability. Input to the 'USERNAME' parameter of the 'login.php' script is not properly sanitized. A remote, unauthenticated attacker could exploit this to execute arbitrary SQL queries.

Solution
Upgrade to Symantec Web Gateway version 126.96.36.1996 or later.