Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-2574

CWE-89SQL Injection4 documents4 sources
Severity
7.5HIGH
EPSS
1.1%
top 21.99%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Symantec WEB Gateway
Timeline
PublishedJul 23
Latest updateMay 17

Description

SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDsymantec/web_gateway4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-w7rc-8rcf-m5v6: SQL injection vulnerability in the management console in Symantec Web Gateway 52022-05-17
CVEList
CVE-2012-2574: SQL injection vulnerability in the management console in Symantec Web Gateway 52012-07-23

💥Exploits & PoCs

1
Exploit-DB
Symantec Web Gateway 5.0.2 - 'blocked.php?id' Blind SQL Injection2012-07-23
CVE-2012-2574 (HIGH CVSS 7.5) | SQL injection vulnerability in the | cvebase.io