Cyberoam versions CR500iNG-XP – 10.6.2 MR-1 and below suffer from a remote blind SQL injection vulnerability.