Arbitrary Command Execution in Sophos Web Appliance

Arbitrary Command Execution in Sophos Web Appliance

CVE-2013-4983 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.

Learn more about our Web App Pen Testing.