The new_whitelist.php page in the Symantec Web Gateway Management Console allows some specially crafted entries to update the whitelist without proper validation. A lower-privileged but authorized management console user can bypass the whitelist validation by supplying a 'sid' parameter with a nonzero value. This module exploits this vulnerability to inject and execute arbitrary OS commands with the privileges of the 'root' user on the appliance.