Unauthorized Code Execution via SQL Injection in FortiSOAR
CVE-2023-23775

8.8HIGH

Key Information:

Vendor: Fortinet
Status: Fortisoar
Vendor: CVE Published:; 11 June 2024

What is CVE-2023-23775?

The identified vulnerabilities in FortiSOAR products arise from multiple instances of improper handling of special elements in SQL commands, which are classified under SQL injection threats. These vulnerabilities enable an authenticated attacker to execute unauthorized commands by sending specially crafted string parameters. This may lead to severe implications for data integrity and system security, necessitating swift remedial actions.

Affected Version(s)

FortiSOAR 7.2.0

FortiSOAR 7.0.0 <= 7.0.3

References

https://fortiguard.com/psirt/FG-IR-22-448

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
Jan 18, 2023

Fortinet

What is CVE-2023-23775?

Affected Version(s)

References

CVSS V3.1

Timeline