Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-0299

CWE-2644 documents4 sources
Severity
10.0CRITICAL
EPSS
82.3%
top 0.78%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Symantec WEB Gateway
Timeline
PublishedMay 21
Latest updateMay 4

Description

The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDsymantec/web_gateway5.0, 5.0.1, 5.0.2+2

🔴Vulnerability Details

2
GHSA
GHSA-m49c-56fp-p4wc: The file-management scripts in the management GUI in Symantec Web Gateway 52022-05-04
CVEList
CVE-2012-0299: The file-management scripts in the management GUI in Symantec Web Gateway 52012-05-21

💥Exploits & PoCs

1
Exploit-DB
Symantec Web Gateway 5.0.2.8 - Arbitrary '.PHP' File Upload (Metasploit)2012-06-10
CVE-2012-0299 (CRITICAL CVSS 10) | The file-management scripts in the | cvebase.io