2 matches found
Command injection
The Sophos Web Appliance version 4.2.1.3 is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php /controllers/MgrReport.php component responsible for blocking and unblocking IP addresses from...
CVE-2016-9553
CVE-2016-9553 — Sophos Web Appliance 4.2.1.3 is vulnerable to two remote command injection flaws in the web admin interface (MgrReport.php) where user-supplied values for unblockip and blockip are passed to shell_exec without proper escaping. An authenticated, remote attacker could exploit these ...