An improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability [CWE-89] in FortiWLM may allow an authenticated attacker to alter the query logic and execute arbitrary SQL statements via crafted HTTP requests to the AP monitor handlers.