CVE-2011-0549
Symantec Web Gateway forget.php SQL Injection Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute arbitrary SQL commands via the username parameter.
Vulnerabilidad de inyección SQL en forget.php en la administración de Symantec Web Gateway v4.5.x, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro username.
This vulnerability allows remote attackers to inject arbitrary SQL on vulnerable installations of the Symantec Web Gateway appliance. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the username parameter of POST requests to the forget.php script. The parameter is not sanitized and a remote attacker can abuse this to inject arbitrary SQL into the underlying database.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-01-20 CVE Reserved
- 2011-07-07 CVE Published
- 2024-04-19 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1025753 | Vdb Entry | |
| http://www.securityfocus.com/bid/48318 | Vdb Entry | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110707_00 | X_refsource_confirm | |
| http://www.zerodayinitiative.com/advisories/ZDI-11-233 | X_refsource_misc |
|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/68428 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/45146 | 2017-08-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Symantec Search vendor "Symantec" | Web Gateway Search vendor "Symantec" for product "Web Gateway" | 4.5 Search vendor "Symantec" for product "Web Gateway" and version "4.5" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Web Gateway Search vendor "Symantec" for product "Web Gateway" | 4.5.0.326 Search vendor "Symantec" for product "Web Gateway" and version "4.5.0.326" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Web Gateway Search vendor "Symantec" for product "Web Gateway" | 4.5.1.34 Search vendor "Symantec" for product "Web Gateway" and version "4.5.1.34" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Web Gateway Search vendor "Symantec" for product "Web Gateway" | 4.5.1.44 Search vendor "Symantec" for product "Web Gateway" and version "4.5.1.44" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Web Gateway Search vendor "Symantec" for product "Web Gateway" | 4.5.2.37 Search vendor "Symantec" for product "Web Gateway" and version "4.5.2.37" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Web Gateway Search vendor "Symantec" for product "Web Gateway" | 4.5.2.65 Search vendor "Symantec" for product "Web Gateway" and version "4.5.2.65" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Web Gateway Search vendor "Symantec" for product "Web Gateway" | 4.5.2.72 Search vendor "Symantec" for product "Web Gateway" and version "4.5.2.72" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Web Gateway Search vendor "Symantec" for product "Web Gateway" | 4.5.3.38 Search vendor "Symantec" for product "Web Gateway" and version "4.5.3.38" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Web Gateway Search vendor "Symantec" for product "Web Gateway" | 4.5.4.9 Search vendor "Symantec" for product "Web Gateway" and version "4.5.4.9" | - |
Affected
| ||||||