Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks.
VPR Score: 8.4
Synopsis
The remote Sophos XG Firewall is affected by a SQL injection vulnerability.
Description
A SQL injection (SQLi) vulnerability exists in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data.
Solution
Refer to the vendor advisory.