Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests.
References
Link | Resource |
---|---|
https://fortiguard.com/advisory/FG-IR-20-171 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2021-08-04 16:15
Updated : 2024-02-28 18:28
NVD link : CVE-2020-29011
Mitre link : CVE-2020-29011
CVE.ORG link : CVE-2020-29011
JSON object : View
Products Affected
fortinet
- fortisandbox
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')