Share
## https://sploitus.com/exploit?id=SAINT:7F7F4076726A78FD0C351414F21D5575
Added: 11/24/2023  
CVE: [CVE-2023-1671](<https://vulners.com/cve/CVE-2023-1671>)  


### Background

Sophos Web Appliance is a web proxy providing HTTP security. 

### Problem

A vulnerability in `**UsrBlocked.php**` allows remote attackers to inject arbitrary commands into an HTTP request. 

### Resolution

Upgrade to Sophos Web Appliance 4.3.10.4 or higher. 

### References

<https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce>  
<https://vulncheck.com/blog/cve-2023-1671-analysis>