Multiple improper neutralization of special elements used in SQL commands (βSQL Injectionβ) vulnerability [CWE-89] in FortiNAC may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.