Lucene search
PRIOn knowledge basePRION:CVE-2022-27485HistoryApr 11, 2023 - 5:15 p.m.
Sql injection
2023-04-1117:15:00
PRIOn knowledge base
www.prio-n.com
2
sql injection
cwe-89
fortinet fortisandbox
remote attacker
linux system
http request
arbitrary files
A improper neutralization of special elements used in an sql command (βsql injectionβ) vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieveΒ arbitrary files from the underlying Linux system via a crafted HTTP request.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fortisandbox | ge | 3.0.1 | |
| fortisandbox | le | 3.0.7 | |
| fortisandbox | ge | 3.1.0 | |
| fortisandbox | lt | 3.2.4 | |
| fortisandbox | ge | 4.0.0 | |
| fortisandbox | lt | 4.0.3 | |
| fortisandbox | eq | 4.2.0 |
References
Related
nvd
nvd
CVE-2022-27485
2023-04-11 17:15:07
cvelist
cvelist
CVE-2022-27485
2023-04-11 16:07:08
fortinet
fortinet
FortiSandbox - SQL injection in certificate downloading feature
2023-04-11 00:00:00
cve
cve
CVE-2022-27485
2023-04-11 17:15:07