Vulnerability Description
SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cyberoam | Cyberoamos | 10.6.2 |
| Cyberoam | Cr500Ing-Xp | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/133378/Cyberoam-CR500iNG-XP-10.6.2-MR-1-BliExploitThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/38034/ExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/133378/Cyberoam-CR500iNG-XP-10.6.2-MR-1-BliExploitThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/38034/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2015-6811?
CVE-2015-6811 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username par...
How severe is CVE-2015-6811?
CVE-2015-6811 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-6811?
Check the references section above for vendor advisories and patch information. Affected products include: Cyberoam Cyberoamos, Cyberoam Cr500Ing-Xp.