FortiWLM - SQL Injection in script handlers

2021-11-0200:00:00

FortiGuard Labs

www.fortiguard.com

0.001 Low

EPSS

Percentile

28.4%

JSON

An improper neutralization of special elements [CWE-79]Â used in an SQL command vulnerabilityÂ (‘SQL Injection’) [CWE-89] in FortiWLM may allow an authenticated attacker to disclose sensitive informationÂ via crafted HTTP requests to various controllers.

CPENameOperatorVersion
fortiwlmeq8.6.1
fortiwlmeq8.6.0
fortiwlmeq8.5.3
fortiwlmeq8.5.2
fortiwlmeq8.5.1
fortiwlmeq8.5.0
fortiwlmeq8.4.2
fortiwlmeq8.4.1
fortiwlmeq8.4.0
fortiwlmeq8.3.2

Name	Operator	Version
fortiwlm	eq	8.6.1
fortiwlm	eq	8.6.0
fortiwlm	eq	8.5.3
fortiwlm	eq	8.5.2
fortiwlm	eq	8.5.1
fortiwlm	eq	8.5.0
fortiwlm	eq	8.4.2
fortiwlm	eq	8.4.1
fortiwlm	eq	8.4.0
fortiwlm	eq	8.3.2

Rows per page:

1-10 of 131

0.001 Low

EPSS

Percentile

28.4%

JSON

Related for FG-IR-21-107