The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.
Symantec Web Gateway versions 5.1.0.* and below suffer from cross site request forgery, cross site scripting, command injection, and remote SQL injection vulnerabilities.