CVE-2010-0114

fw_charts.php in the reporting module in the Manager (aka SEPM) component in Symantec Endpoint Protection (SEP) 11.x before 11 RU6 MP2 allows remote attackers to bypass intended restrictions on report generation, overwrite arbitrary PHP scripts, and execute arbitrary code via a crafted request.

Published: Dec 22, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-0114
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
symantec / endpoint_protection	11.0.4-mp1a	11.0.4-mp1a.x
symantec / endpoint_protection	11.0.2	11.0.2.x
symantec / endpoint_protection	11.0.4	11.0.4.x
symantec / endpoint_protection	11.0.4-mp2	11.0.4-mp2.x
symantec / endpoint_protection	11.0.1-mp1	11.0.1-mp1.x
symantec / endpoint_protection	11.0	11.0.x
symantec / endpoint_protection	11.0.2-mp2	11.0.2-mp2.x
symantec / endpoint_protection	11.0-ru5	11.0-ru5.x
symantec / endpoint_protection	11.0-ru6	11.0-ru6.x
symantec / endpoint_protection	11.0.3001	11.0.3001.x
symantec / endpoint_protection	11.0-ru6mp1	11.0-ru6mp1.x
symantec / endpoint_protection	11.0.2-mp1	11.0.2-mp1.x
symantec / endpoint_protection	11.0.1	11.0.1.x

Vulnerability Database

289,697

CVE-2010-0114