Sophos Web Appliance 4.2.1.3 Remote Command Execution

This Metasploit module exploits a remote command execution vulnerability in the Sophos Web Appliance versions 4.2.1.3 and below. The vulnerability exists in a section of the machine’s administrative interface for performing diagnostic network tests with wget and unsanitized user supplied information.

Leave a Reply