Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-1807

Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1.

Published

2022-09-07T18:15:08.647

Last Modified

2025-06-17T20:15:24.970

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Primary
CWE-89
Type: Secondary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	sophos	firewall	< 18.5	Yes
Operating System	sophos	firewall	18.5	Yes
Operating System	sophos	firewall	18.5	Yes
Operating System	sophos	firewall	18.5	Yes
Operating System	sophos	firewall	18.5	Yes
Operating System	sophos	firewall	18.5	Yes
Operating System	sophos	firewall	19.0	Yes

References

https://www.sophos.com/en-us/security-advisories/sophos-sa-20220907-sfos-18-5-4 Vendor Advisory ([email protected])
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220907-sfos-19-0-1 Vendor Advisory ([email protected])
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220907-sfos-18-5-4 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220907-sfos-19-0-1 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)