CVE-2014-7285 Information

Description

The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

Reference

http://karmainsecurity.com/KIS-2014-19 http://osvdb.org/show/osvdb/116009 http://packetstormsecurity.com/files/130612/Symantec-Web-Gateway-5-restore.php-Command-Injection.html http://www.exploit-db.com/exploits/36263 http://www.securityfocus.com/bid/71620 http://www.securitytracker.com/id/1031386 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141216_00