Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests.
References
Link | Resource |
---|---|
https://fortiguard.com/advisory/FG-IR-20-171 | Vendor Advisory |
https://fortiguard.com/advisory/FG-IR-20-171 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://fortiguard.com/advisory/FG-IR-20-171 - Vendor Advisory |
Information
Published : 2021-08-04 16:15
Updated : 2024-11-21 05:23
NVD link : CVE-2020-29011
Mitre link : CVE-2020-29011
CVE.ORG link : CVE-2020-29011
JSON object : View
Products Affected
fortinet
- fortisandbox
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')