CVE-2023-37931
published 2025-01-14CVE-2023-37931: An improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-88] in FortiVoice Entreprise version 7.0.0 through…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-88] in FortiVoice Entreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to perform a blind sql injection attack via sending crafted HTTP or HTTPS requests
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortivoice | — | — |
| fortinet | fortivoice | >= 6.0.0 < 6.4.9 | 6.4.9 |
| fortinet | fortivoice | 6.0.0 – 6.0.12 | — |
| fortinet | fortivoice | 6.4.0 – 6.4.8 | — |
| fortinet | fortivoice | >= 7.0.0 < 7.0.2 | 7.0.2 |
| fortinet | fortivoice | 7.0.0 – 7.0.1 | — |