Symantec Web Gateway forget.php Blind SQL Injection (SYM11-008)
Severity: High
Nessus Network Monitor Plugin ID 5991
Synopsis: The web security application running on the remote host has a SQL injection vulnerability.
Description: Versions of Symantec Web Gateway 4.5.x are potentially affected by a SQL injection vulnerability. Input to the 'username' parameter of the 'forget.php' script is not properly sanitized. A remote, unauthenticated attacker could exploit this to execute arbitrary SQL queries.
Solution: Upgrade to Symantec Web Gateway version 5.0.1 or later.