CyberSec.Space Logo
Back to CVE Browser

CVE-2014-5503

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1090%
EPSS Percentile12.63th
PublishedOct 7, 2014
Last ModifiedMay 6, 2026

Vulnerability Description

SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode.

Affected Platforms (CPE)

πŸ’»
Cyberoam

Cyberoam Os

<= 10.4
πŸ’»
Cyberoam

Cyberoam Os

<= 10.6.1

References & Advisories

πŸ”— http://kb.cyberoam.com/default.asp?id=3049
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-14-329/
πŸ”— http://kb.cyberoam.com/default.asp?id=3049
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-14-329/

Related Vulnerabilities

CVE-2019-170599.8

A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attacke...

CVE-2020-370959.8

Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary ...

CVE-2020-295749.8

An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbit...

CVE-2014-55019.3

Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remo...