CVE-2020-29574
https://notcve.org/view.php?id=CVE-2020-29574
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely. Una vulnerabilidad de inyección SQL en el WebAdmin de Cyberoam OS versiones hasta 04-12-2020, permite a atacantes no autenticados ejecutar sentencias SQL arbitrarias remotamente • https://www.bleepingcomputer.com/news/security/sophos-fixes-sql-injection-vulnerability-in-their-cyberoam-os https://www.cyberoam.com/ngfw.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2019-17059
https://notcve.org/view.php?id=CVE-2019-17059
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles. Una vulnerabilidad de inyección de shell en el dispositivo de firewall Sophos Cyberoam con CyberoamOS versiones anteriores a 10.6.6 MR-6, permite a atacantes remotos ejecutar comandos arbitrarios por medio de las consolas de Web Admin y SSL VPN. • https://community.sophos.com/kb/en-us/134732 https://community.sophos.com/products/cyberoamos https://thebestvpn.com/cyberoam-preauth-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •