CVE-2020-29011

CWE-89SQL Injection4 documents4 sources
Severity
8.8HIGH
EPSS
0.4%
top 41.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortisandboxFortinet Fortinet Fortisandbox
Timeline
PublishedAug 4
Latest updateMay 24

Description

Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortisandbox3.2.03.2.2+1
CVEListV5fortinet/fortinet_fortisandboxFortiSandbox 3.2.2, 3.2.1, 3.2.0, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0

🔴Vulnerability Details

2
GHSA
GHSA-mm9w-f695-3mm9: Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 32022-05-24
CVEList
CVE-2020-29011: Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 32021-08-04

📋Vendor Advisories

1
Fortinet
Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 throu...2021-08-04
CVE-2020-29011 (HIGH CVSS 8.8) | Instances of SQL Injection vulnerab | cvebase.io