41 matches found
EUVD-2025-208487
An improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigDa...
CVE-2025-49784
An improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigDa...
Fortinet FortiAnalyzer and Fortinet FortiAnalyzer-BigData SQL Injection Vulnerability
Fortinet FortiAnalyzer and Fortinet FortiAnalyzer-BigData are products of the American company Fortinet. Fortinet FortiAnalyzer is a centralized network security reporting solution. This product is primarily used to collect network log data and analyze security events, network traffic, web conten...
CVE-2024-32117
An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-22 in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a...
CVE-2024-33501
Two improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5, FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7...
A vulnerability in the graphical interface of Fortinet’s centralized device management solutions, FortiManager and FortiManager Cloud, as well as the security event monitoring and analysis solutions FortiAnalyzer, FortiAnalyzer Cloud, and FortiAnalyzer-BigData, allows an attacker to execute arbitrary code or commands.
A vulnerability in the graphical interface of Fortinet’s centralized device management solutions, FortiManager and FortiManager Cloud, as well as the security event monitoring and analysis solutions FortiAnalyzer, FortiAnalyzer Cloud, and FortiAnalyzer-BigData, exists due to the lack of measure...
CVE-2024-40584
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiAnalyzer version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15 and 6.2.2 through 6.2.13, Fortinet FortiManager version 7.4.0...
Fortinet Multiple Products OS Command Injection Vulnerability
Fortinet FortiManager and others are products of Fortinet, Inc. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. Fortinet FortiManager Cloud is a cloud-based network management software...
A vulnerability in the Fortinet FortiManager software for centralized device management, as well as the FortiAnalyzer and FortiAnalyzer-BigData tools for security event monitoring and analysis, arises from improper limitation of a pathname to a restricted directory. This allows an attacker to gain access to and read or write arbitrary files in the directory.
A vulnerability in the Fortinet FortiManager software for centralized device management, as well as the FortiAnalyzer and FortiAnalyzer-BigData security monitoring and analysis tools, is related to improper limitation of a pathname to a restricted directory. Exploiting this...
A vulnerability in the command-line interface (CLI) of the Fortinet FortiManager device management software, as well as the FortiAnalyzer and FortiAnalyzer-BigData security event monitoring and analysis tools, allows an attacker to read arbitrary files from the root file system.
A vulnerability in the command-line interface (CLI) of the Fortinet FortiManager device management software, as well as the FortiAnalyzer and FortiAnalyzer-BigData event monitoring and analysis tools, is related to improper limitation of a pathname to a restricted directory. Exploiting...
A vulnerability in the command-line interface (CLI) of the Fortinet FortiManager device management software, as well as the FortiAnalyzer and FortiAnalyzer-BigData security event monitoring and analysis tools, allows an attacker to execute arbitrary code.
A vulnerability in the command-line interface (CLI) of the Fortinet FortiManager device management software, as well as the FortiAnalyzer and FortiAnalyzer-BigData security event monitoring and analysis tools, exists due to the failure to take measures to neutralize specific elements. Exploiting...
CVE-2024-35274
An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-22 in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read...
CVE-2024-23666
A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through...
CVE-2023-44255
An exposure of sensitive information to an unauthorized actor CWE-200 in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP o...