CVE-2012-2961 – Symantec Web Gateway 5.0.3.18 - Blind SQL Injection Backdoor via MySQL Triggers
https://notcve.org/view.php?id=CVE-2012-2961
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la consola de gestión en Symantec Web Gateway v5.0.x anteriores a v5.0.3.18, permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. Symantec Web Gateway version 5.0.3.18 suffers from a remote blind SQL injection backdoor via MySQL triggers. • https://www.exploit-db.com/exploits/20044 http://www.kb.cert.org/vuls/id/108471 http://www.securityfocus.com/bid/54425 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/77116 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •