CVE-2010-0115 – Symantec Web Gateway Management Interface USERNAME Blind SQL Injection Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2010-0115

12 Jan 2011 — SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter. Una vulnerabilidad de inyección SQL en login.php en la GUI de administración de la consola de Symantec Web Gateway 4.5 antes de v4.5.0.376 permite a atacantes remotos ejecutar comandos SQL a través del parámetro USERNAME. This vulnerability allows remote attackers to execute arbitrary code on vulnerable insta... • http://osvdb.org/70415 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •