5 matches found
CVE-2020-29015
A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement...
Fortinet FortiWeb sqli (FG-IR-20-124)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-20-124 advisory. - A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an...
Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF
Details have emerged about a new unpatched security vulnerability in Fortinet's web application firewall WAF appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system. "An OS command injection vulnerability in FortiWeb's management interface...
CVE-2020-29015
creationtimestamp| type| source ---|---|--- 2021-01-14 18:49:45+00:00| seen| https://t.me/cibsecurity/22163 2021-06-02 06:43:38+00:00| seen| https://t.me/ptswarm/43 2024-11-14 06:09:42+00:00| seen| MISP/4acf1d49-6b23-4d04-9888-244468b25710...
CVE-2020-29015
CVE-2020-29015 describes a blind SQL injection in Fortinet FortiWeb’s UI that affects FortiWeb versions 6.3.0–6.3.7 and versions prior to 6.2.4. The vulnerability allows an unauthenticated, remote attacker to craft an Authorization header containing malicious SQL to execute arbitrary queries or c...