Sophos Web Appliance MgrReport blocking Vulnerablity Remote Code Execution Exploit

A vulnerability exists in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP addresses from accessing the device. By abusing the blockip variable, an attacker can achieve remote code execution.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2016-9553
Product Version: 
2017_R1
Released Date: 
Wednesday, March 22, 2017 - 00:00