CVE-2023-37931

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-88] in FortiVoice Entreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to perform a blind sql injection attack via sending crafted HTTP or HTTPS requests

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://fortiguard.com/psirt/FG-IR-23-220

Configurations

No configuration.

History

18 Feb 2025, 22:15

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando SQL ('inyección SQL') [CWE-88] en FortiVoice Entreprise versión 7.0.0 a 7.0.1 y anteriores a 6.4.8 permite que un atacante autenticado realice un ataque de inyección Blind SQL mediante el envío de solicitudes HTTP o HTTPS manipulado

14 Jan 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-14 14:15

Updated : 2025-02-18 22:15

NVD link : CVE-2023-37931

Mitre link : CVE-2023-37931

CVE.ORG link : CVE-2023-37931

JSON object : View

Products Affected

No product.

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

8.8 /10