An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSophos Cyberoamos
OSSophos≤ 2020-12-04
CISA KEV — detailsi
- Vendori
- Sophos
- Producti
- CyberoamOS
- Added to KEVi
- February 6, 2025
- Remediation deadline (US Federal)i
- February 27, 2025(overdue)
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely.
Related vulnerabilities
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 a...
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than vers...
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sop...
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute cod...
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, a...