Sophos provided no additional details about the vulnerability. SQL injection exploit flaws that execute malicious code through strings that are entered into forms contained on a vulnerable website.

No source code is required to run this tool. From a starting URL, the tool recursively crawls that URL in order to build up a site tree that will be then analyzed for SQL injection vulnerabilities.

Sophos has addressed three vulnerabilities in its Sophos Firewall product that could allow remote unauthenticated threat actors to perform SQL injection, remote code execution, and gain privileged ...