Unauthorized Code Execution via SQL Injection in FortiSOAR

CVE-2023-23775

5.9MEDIUM

Key Information

Vendor
Fortinet
Status
Fortisoar
Vendor
CVE Published:
11 June 2024

Summary

Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiSOAR 7.2.0 and before 7.0.3 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.

Affected Version(s)

FortiSOAR = 7.2.0

FortiSOAR <= 7.0.3

Refferences

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.