Remote Command Injection Vulnerability in Sophos Web Appliance (SWA) before 4.3.1.2 via Token Parameter (NSWA-1303)

Remote Command Injection Vulnerability in Sophos Web Appliance (SWA) before 4.3.1.2 via Token Parameter (NSWA-1303)

CVE-2017-6184 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.

Learn more about our Web App Pen Testing.