Exploitation Summary
EIP tracks 1 public exploit for CVE-2013-2642.
AI-analyzed exploit summary
This is a detailed security advisory from SEC Consult Vulnerability Lab describing multiple vulnerabilities in Sophos Web Protection Appliance, including unauthenticated local file disclosure, OS command injection, and reflected XSS. It provides technical details, proof-of-concept examples, and attack scenarios.
Description
Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality.
Exploits (1)
This is a detailed security advisory from SEC Consult Vulnerability Lab describing multiple vulnerabilities in Sophos Web Protection Appliance, including unauthenticated local file disclosure, OS command injection, and reflected XSS. It provides technical details, proof-of-concept examples, and attack scenarios.