Fortinet : Security Vulnerabilities, CVEs, Published In 2023 (Sql injection)
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http request.
Max CVSS
9.8
EPSS Score
0.06%
Published
2023-11-14
Updated
2023-11-20
A improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request.
Max CVSS
6.5
EPSS Score
0.06%
Published
2023-04-11
Updated
2023-04-18
2 vulnerabilities found