SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode.Referenceshttp://kb.cyberoam.com/default.asp?id=3049http://www.zerodayinitiative.com/advisories/ZDI-14-329/
