CVE-2010-0115 Information

Description

SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter.

Reference

http://osvdb.org/70415 http://secunia.com/advisories/42878 http://www.securityfocus.com/bid/45742 http://www.securitytracker.com/id?1024958 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110112_00 http://www.vupen.com/english/advisories/2011/0088 http://www.zerodayinitiative.com/advisories/ZDI-11-013/ https://exchange.xforce.ibmcloud.com/vulnerabilities/64658