CVE-2013-2641

Sophos Web Appliance <3.7.8.2 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.

Exploits (2)

exploitdb WRITEUP

webappslinux

https://www.exploit-db.com/exploits/24932

View Code ZIP pw:eip

metasploit WORKING POC

by Wolfgang Ettlingers, juan vazquez · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/sophos_wpa_traversal.rb

View Code ZIP pw:eip

References (2)

[Vendor Advisory] http://www.sophos.com/en-us/support/knowledgebase/118969.aspx

[Exploit] https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt

Scores

EPSS 0.8235

EPSS Percentile 99.2%

Details

CWE

CWE-22

Status published

Products (2)

sophos/web_appliance

sophos/web_appliance_firmware < 3.7.8.1

Published Mar 18, 2014

Tracked Since Feb 18, 2026