2 matches found
CVE-2022-27485
A improper neutralization of special elements used in an sql command 'sql injection' vulnerability CWE-89 in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieve arbitrary files...
CVE-2022-27485
Fortinet FortiSandbox contains an SQL Injection (CWE-89) flaw allowing a remote authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request. Affected versions include 3.0.x through 4.2.0 and 4.0.0–4.0.2, 3.2.0–3.2.3, 3.1.x. F...