FortiSandbox - SQL Injection vulnerabilities


Instances of SQL Injection vulnerabilities in FortiSandbox's checksum search and MTA-quarantine modules may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests.

Affected Products

FortiSandbox version 3.2.2 and earlier.
FortiSandbox version 3.1.4 and earlier.


Upgrade to FortiSandbox version 3.2.2 or later.

Upgrade to FortiSandbox version 3.1.5 or later.


Discovered and reported by Giuseppe Cocomazzi of the Fortinet Product Security team.