CVE-2020-29011

Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:23

Type Values Removed Values Added
References () https://fortiguard.com/advisory/FG-IR-20-171 - Vendor Advisory () https://fortiguard.com/advisory/FG-IR-20-171 - Vendor Advisory

Information

Published : 2021-08-04 16:15

Updated : 2024-11-21 05:23


NVD link : CVE-2020-29011

Mitre link : CVE-2020-29011

CVE.ORG link : CVE-2020-29011


JSON object : View

Products Affected

fortinet

  • fortisandbox
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')