FG-IR-20-171: FortiSandbox - Pervarsive SQL Injection
First published: Tue Aug 03 2021(Updated: )
Instances of SQL Injection vulnerabilities in FortiSandbox's checksum search and MTA-quarantine modules may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiSandbox Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of FG-IR-20-171?
The severity of FG-IR-20-171 is high due to the potential for code execution via SQL injection.
How do I fix FG-IR-20-171?
To fix FG-IR-20-171, update FortiSandbox to the latest version as recommended by Fortinet.
What software versions are affected by FG-IR-20-171?
FG-IR-20-171 affects various versions of Fortinet FortiSandbox software.
What type of attack does FG-IR-20-171 involve?
FG-IR-20-171 involves SQL injection attacks that can be executed through manipulated HTTP requests.
Who can exploit FG-IR-20-171?
FG-IR-20-171 can be exploited by authenticated attackers who have access to the affected system.
- collector/fortiguard-psirt-latest
- source/FortiGuard
- alias/CVE-2020-29011
- agent/last-modified-date
- agent/type
- collector/fortiguard-psirt
- agent/title
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/fortinet
- canonical/fortinet fortisandbox firmware