An improper neutralization of special elements [CWE-79] used in an SQL command vulnerability (‘SQL Injection’) [CWE-89] in FortiWLM may allow an authenticated attacker to disclose sensitive information via crafted HTTP requests to various controllers.