CVE-2015-6548

Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Published: Sep 20, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-6548
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:L/Au:M/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
symantec / web_gateway	-	5.2.2.x

http://www.securityfocus.com/bid/76729
http://www.securitytracker.com/id/1033625
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00

Vulnerability Database

289,599

CVE-2015-6548