Fortinet FortiClientEMS 7.4.4 - SQL Injection
Fortinet FortiClientEMS version 7.4.4 and earlier contains an unauthenticated SQL injection vulnerability in the /api/v1/initconsts endpoint. The 'Site' HTTP header value is passed directly into the PostgreSQL searchpath without sanitization, allowing remote unauthenticated attackers to inject...