FortiSandbox - Pervasive SQL Injection
Summary
Instances of SQL Injection vulnerabilities in FortiSandbox's checksum search and MTA-quarantine modules may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests.
Affected Products
FortiSandbox version 3.2.2 and earlier.
FortiSandbox version 3.1.4 and earlier.
Solutions
Upgrade to FortiSandbox version 3.2.2 or later.
Upgrade to FortiSandbox version 3.1.5 or later.
Acknowledgement
Discovered and reported by Giuseppe Cocomazzi of the Fortinet Product Security team.
Timeline
2021-08-03: Initial publication