Sophos patched a SQL injection flaw with XG Firewall product that exploited by attackers in the wild. Sophos informed about the bug on April 22, 2020, further analysis revealed that hackers can attack systems with either the administration interface (HTTPS admin service) or the user portal exposed on the WAN zone.
Read full article on GBHackers