CVE-2022-27485

Name of the Vulnerable Software and Affected Versions Fortinet FortiSandbox versions 3.0.x through 4.2.0

Description The issue allows a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request. This is due to an improper neutralization of special elements used in an SQL command, also known as SQL injection.

Recommendations For Fortinet FortiSandbox versions 3.0.x through 4.2.0, update to a version that fixes the SQL injection vulnerability to prevent arbitrary file retrieval. At the moment, there is no information about a newer version that contains a fix for this vulnerability.