A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HSophos Sfos
OSSophos17.1≤ 17.0Sophos Xg Firewall
HWSophoswszystkie wersje
Related vulnerabilities
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute cod...
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S B...
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall dev...
A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potential...
An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sopho...