Sql injection

2023-11-1418:15:00

PRIOn knowledge base

www.prio-n.com

fortinet fortiwlm

sql injection

unauthorized code execution

security vulnerability

http request

nvd

7.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.3%

JSON

A improper neutralization of special elements used in an sql command (‘sql injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http request.

CPENameOperatorVersion
fortiwlmeq8.2.2
fortiwlmge8.6.0
fortiwlmle8.6.5
fortiwlmge8.5.0
fortiwlmle8.5.4
fortiwlmeq8.3.0
fortiwlmeq8.3.1
fortiwlmeq8.3.2
fortiwlmeq8.4.0
fortiwlmeq8.4.1

Name	Operator	Version
fortiwlm	eq	8.2.2
fortiwlm	ge	8.6.0
fortiwlm	le	8.6.5
fortiwlm	ge	8.5.0
fortiwlm	le	8.5.4
fortiwlm	eq	8.3.0
fortiwlm	eq	8.3.1
fortiwlm	eq	8.3.2
fortiwlm	eq	8.4.0
fortiwlm	eq	8.4.1

Rows per page:

1-10 of 111

References

fortiguard.com/psirt/FG-IR-23-142