An improper neutralization of special elements used in an SQL command ("SQL injection") vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request.
CPE

Name | Operator | Version
---|---|---
fortisandbox | ge | 3.0.1
fortisandbox | le | 3.0.7
fortisandbox | ge | 3.1.0
fortisandbox | lt | 3.2.4
fortisandbox | ge | 4.0.0
fortisandbox | lt | 4.0.3
fortisandbox | eq | 4.2.0