Symantec Endpoint Protection Manager CVE-2013-5015 Local SQL Injection Vulnerability

Symantec Endpoint Protection Manager is prone to a local SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

An authenticated attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following versions are vulnerable:

Symantec Endpoint Protection Manager 11.0
Symantec Endpoint Protection Center Small Business Edition 12.0
Symantec Endpoint Protection Manager 12.1


 

Privacy Statement
Copyright 2010, SecurityFocus