module
Sophos UTM WebAdmin SID Command Injection
| Disclosed | Created |
|---|---|
| Sep 18, 2020 | Oct 28, 2021 |
Disclosed
Sep 18, 2020
Created
Oct 28, 2021
Description
This module exploits an SID-based command injection in Sophos UTM's
WebAdmin interface to execute shell commands as the root user.
WebAdmin interface to execute shell commands as the root user.
Authors
Justin Kennedy
wvu [email protected]
wvu [email protected]
Platform
Linux,Unix
Architectures
cmd, x86, x64
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.