CVE-2024-12727 – Sophos Firewall SQL Injection Vulnerability

12月 19, 2024
10:17 pm

CVE ID : CVE-2024-12727

Published : Dec. 19, 2024, 9:15 p.m. | 1 hour, 2 minutes ago

Description : A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-12727 – Sophos Firewall SQL Injection Vulnerability

Elvescore.io

Recent Posts

CVE-2024-10453 – Elementor Website Builder Stored Cross-Site Scripting Vulnerability

CVE-2024-11688 – WordPress LaTeX2HTML Reflected Cross-Site Scripting

CVE-2024-11722 – WordPress DynamiApps Frontend Admin SQL Injection

CVE-2024-12408 – “Amazon Web Services (AWS) WordPress Reflected Cross-Site Scripting (XSS)”

CVE-2024-12558 – WordPress WP BASE Booking Unauthenticated Database Access Vulnerability

CVE-2024-12591 – MagicPost WordPress Stored Cross-Site Scripting

CVE-2024-12727 – Sophos Firewall SQL Injection Vulnerability

CVE-2024-12727 – Sophos Firewall SQL Injection Vulnerability