{"vulnerability": "CVE-2020-29015", "sightings": [{"uuid": "789c6fbe-2d43-48ad-9aee-8ce4c4fa8801", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29015", "type": "seen", "source": "MISP/4acf1d49-6b23-4d04-9888-244468b25710", "content": "", "creation_timestamp": "2024-11-14T06:09:42.000000Z"}, {"uuid": "628b0abd-ceed-4d64-b395-92a6a784e313", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29015", "type": "seen", "source": "https://t.me/cibsecurity/22163", "content": "\u203c CVE-2020-29015 \u203c\n\nA blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-14T18:49:45.000000Z"}, {"uuid": "baffafb8-1e78-4371-a158-acb647515f56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29015", "type": "seen", "source": "https://t.me/ptswarm/43", "content": "Fortinet fixed a Post-Auth RCE in FortiWeb (CVE-2021-22123) found by our researcher Andrey Medov.\n\nThis vulnerability was part of an Unauth RCE chain submitted together with CVE-2020-29015 (Unauth SQL Injection), which was fixed by Fortinet earlier.\n\nAdvisory: https://www.fortiguard.com/psirt/FG-IR-20-120\n\nSubscribe to the PT SWARM Twitter to get updates about all of the latest vulnerabilities discovered by us.", "creation_timestamp": "2021-06-02T06:43:38.000000Z"}]}