Sophos Cyberoam CR500iNG-XP Firewall Appliance SQL Injection Vulnerability

Sophos Cyberoam CR500iNG-XP Firewall Appliance SQL Injection Vulnerability

CVE-2015-6811 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.

Learn more about our Cis Benchmark Audit For Sophos.