Sophos Cyberoam add_guest_user Blind SQL Injection Remote Code Execution Vulnerability

ID ZDI-14-329
Type zdi
Reporter agix
Modified 2014-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary SQL on vulnerable installations of Sophos Cyberoam. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the add_guest_user opcode. The issue lies in the failure to properly sanitize the specified mobile number prior to executing a SQL query. A remote attacker can leverage this vulnerability to disclose credentials and possibly leverage this situation to achieve remote code execution.