ID
VAR-202503-0792
CVE
CVE-2024-54026
DESCRIPTION
An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox Cloud version 23.4, FortiSandbox at least 4.4.0 through 4.4.6 and 4.2.0 through 4.2.7 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
Trust: 1.0
sources:
NVD: CVE-2024-54026
AFFECTED PRODUCTS
| vendor: | fortinet | model: | fortisandbox | scope: | lt | version: | 4.4.7 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox | scope: | gte | version: | 3.0.0 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox cloud | scope: | eq | version: | 24.1 | Trust: 1.0 |
sources:
NVD: CVE-2024-54026
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
NVD: CVE-2024-54026 //
NVD: CVE-2024-54026
PROBLEMTYPE DATA
| problemtype: | CWE-89 | Trust: 1.0 |
sources:
NVD: CVE-2024-54026
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-54026 | Trust: 1.0 |
sources:
NVD: CVE-2024-54026
REFERENCES
| url: | https://fortiguard.fortinet.com/psirt/fg-ir-24-353 | Trust: 1.0 |
sources:
NVD: CVE-2024-54026
SOURCES
| db: | NVD | id: | CVE-2024-54026 |
LAST UPDATE DATE
2025-07-26T23:18:28.452000+00:00
SOURCES UPDATE DATE
| db: | NVD | id: | CVE-2024-54026 | date: | 2025-07-24T18:46:17.740 |
SOURCES RELEASE DATE
| db: | NVD | id: | CVE-2024-54026 | date: | 2025-03-11T15:15:43.307 |