This Metasploit module abuses a directory traversal in Sophos Web Protection Appliance, specifically on the /cgi-bin/patience.cgi component. This Metasploit module has been tested successfully on the Sophos Web Virtual Appliance v3.7.0.
3d4fc09d9f6482421e030cede564961a2b390c83045857868d24748e125478ec
Sophos Web Protection Appliance version 3.7.8.1 suffers from OS command injection, cross site scripting, and file disclosure vulnerabilities.
e23113a1748c2be870f5cf2ef66700daa14d3f01fcf098583228dcf13f1434ee