CVE-2010-0115SQL Injection in WEB Gateway

CWE-89SQL Injection5 documents4 sources
Severity
7.5HIGHNVD
EPSS
1.1%
top 21.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Symantec WEB Gateway
Timeline
PublishedJan 14
Latest updateMay 2

Description

SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDsymantec/web_gateway4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-c2cv-ghmr-h386: SQL injection vulnerability in login2022-05-02
CVEList
CVE-2010-0115: SQL injection vulnerability in login2011-01-14

💬Community

2
Bugzilla
CVE-2010-0423 pidgin: Smiley Denial of Service2010-02-16
Bugzilla
CVE-2010-0277 pidgin MSN protocol plugin memory corruption2010-01-11
CVE-2010-0115 — SQL Injection in Symantec WEB Gateway | cvebase