The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
Metrics
No CVSS v4.0
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
AV:N/AC:L/Au:N/C:C/I:C/A:C
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Sophos |
|
Configuration 1 [-]
AND |
|
No data.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2013-09-10T10:00:00Z
Updated: 2024-09-17T03:02:50.133Z
Reserved: 2013-07-29T00:00:00Z
Link: CVE-2013-4983
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2013-09-10T11:28:40.997
Modified: 2013-10-09T14:51:56.963
Link: CVE-2013-4983
Redhat
No data.