Vulnerabilities > Sophos > Sfos > High

DATE CVE VULNERABILITY TITLE RISK
2019-06-20 CVE-2018-16118 OS Command Injection vulnerability in Sophos Sfos
A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header.
network
high complexity
sophos CWE-78
8.1
2019-06-20 CVE-2018-16117 OS Command Injection vulnerability in Sophos Sfos
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.
network
low complexity
sophos CWE-78
8.8
2019-06-20 CVE-2018-16116 SQL Injection vulnerability in Sophos Sfos 17.0.8
SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter.
network
low complexity
sophos CWE-89
8.8