An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiWLM may allow an unauthenticated user to taint database data and extract sensitive informations via crafted HTTP requests to alarm and device handlers.