CVE-2019-9193 PostgreSQL allows OS level commands via COPY SQL function
Summary
An OS command injection vulnerability in FortiManager and FortiAnalyzer may allow a privileged system administrator to run OS-level commands on the system by injecting commands into SQL queries.
Affected Products
- FortiAnalyzer 6.2.0 to 6.2.3, 6.0.8 and below
- FortiManager 6.2.0 to 6.2.3, 6.0.8 and below
Solutions
- FortiAnalyzer upgrade to 6.0.9 or 6.2.4 or above
- FortiManager upgrade to 6.0.9 or 6.2.4 or above
Acknowledgement
Fortinet is pleased to thank "Renee Trisberg from SpectX (https://www.spectx.com/)" and "Chris Armstrong from CSCI, Inc" for reporting this vulnerability under responsible disclosure.
References
- PostgreSQL CVE-2019-9193