CVE-2024-54026

{"id": "CVE-2024-54026", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-03-11T15:15:43.307", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-353", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox Cloud 24.1 allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests."}, {"lang": "es", "value": "Una neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando sql ('sql injection') en Fortinet FortiSandbox Cloud versi\u00f3n 23.4, FortiSandbox al menos 4.4.0 a 4.4.6 y 4.2.0 a 4.2.7 y 4.0.0 a 4.0.5 y 3.2.0 a 3.2.4 y 3.1.0 a 3.1.5 y 3.0.0 a 3.0.7 permite a un atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de solicitudes HTTP espec\u00edficamente manipuladas."}], "lastModified": "2026-01-14T15:15:55.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D280A54-5CA3-4721-897D-24F5EC53BBA0", "versionEndExcluding": "4.4.7", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox_cloud:24.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1CD35DA-04DD-43F7-8DEE-3280A2DB46EE"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}