A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 up to and including 4.4.4 and 4.2.0 up to and including 4.2.6 and 4.0.0 up to and including 4.0.5 and 3.2.0 up to and including 3.2.4 and 3.1.0 up to and including 3.1.5 and 3.0.0 up to and including 3.0.7 and 2.5.0 up to and including 2.5.2 and 2.4.0 up to and including 2.4.1 may allows malicious user to information disclosure via crafted http requests.