SQL Injection Vulnerability in Fortinet FortiSandbox Products
CVE-2024-54026
4.1MEDIUM
Summary
Fortinet FortiSandbox products exhibit a vulnerability due to improper neutralization of special elements within SQL commands, allowing attackers to execute unauthorized code or commands. This flaw is present across various versions of FortiSandbox and exposes systems to potential exploits through crafted HTTP requests, necessitating immediate remediation to safeguard network integrity.
Affected Version(s)
FortiSandbox 4.4.0 <= 4.4.6
FortiSandbox 4.2.0 <= 4.2.8
FortiSandbox 4.0.0 <= 4.0.6
References
CVSS V3.1
Score:
4.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved