Advisory Details Title: Symantec Web Gateway Arbitrary PHP File Upload Remote Code Execution Vulnerability Date: September 16th, 2015 ID: ZDI-15-443, ZDI-CAN-2917 CVE ID: CVE-2015-5691, CVE-2015-5692 CVSS Score: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C) Affected Vendors: Symantec Affected Products: Web Gateway Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is required to exploit this vulnerability, which can be bypassed via reflected cross-site scripting. The flaw exists within the admin_messages.php file due to inadequate validation of mime types and file extensions. Additional Details: Symantec released an update for this vulnerability. More details are available at: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pid=security_advisory&year =&suid=20150916_00 Disclosure Timeline: 2015-05-06: Vulnerability reported to vendor 2015-09-16: Coordinated public release of advisory Credit: Jos Wetzels - LeakFree Security