An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HFortinet Fortisandbox
APPFortinet4.0.0 – 4.0.64.2.0 – 4.2.84.4.0 – 4.4.75.0.0 – 5.0.2
Related vulnerabilities
Command injection w Fortinet FortiSandbox — dostęp bez uwierzytelnienia
Brak autoryzacji w Fortinet FortiSandbox umożliwia zdalne wykonanie kodu
A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 ...
Command Injection w Fortinet FortiSandbox umożliwiający RCE
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79]...