Symantec Web Gateway versions 5.2.2 and below suffer from an OS command injection vulnerability in new_whitelist.php.