Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.Referenceshttps://infosecninja.blogspot.in/2017/04/cve-2016-7786-sophos-cyberoam-utm.htmlhttps://www.exploit-db.com/exploits/44469/
