CVE-2014-2850 | HackTesting

The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.

References

http://www.securityfocus.com/bid/66734

http://www.sophos.com/en-us/support/knowledgebase/120230.aspx

http://www.zerodayinitiative.com/advisories/ZDI-14-069/

http://www.exploit-db.com/exploits/32789

http://secunia.com/advisories/57706