Sophos XG Firewall Controller filter SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos XG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the filter parameter provided to the /userportal/Controller endpoint. T...