CVE-2014-5503

SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode.

Date published : 2014-10-07

http://kb.cyberoam.com/default.asp?id=3049

http://www.zerodayinitiative.com/advisories/ZDI-14-329/