CVE-2014-1645
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0049 (0.5%)
Percentile: 65.8%
EPSS: 2026-05-06
Affects
symantec:liveupdate_administratorTechnical description
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Published: 3/29/2014, 1:55:07 AM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://archives.neohapsis.com/archives/bugtraq/2014-03/0172.html
- http://www.securityfocus.com/bid/66400
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140327_00
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140328-0_Symantec_LiveUpdate_Administrator_Multiple_vulnerabilities_wo_poc_v10.txt
- http://archives.neohapsis.com/archives/bugtraq/2014-03/0172.html
- http://www.securityfocus.com/bid/66400
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140327_00
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140328-0_Symantec_LiveUpdate_Administrator_Multiple_vulnerabilities_wo_poc_v10.txt