Fortinet FortiWeb SQL Injection Vulnerability in Multiple Versions

Vulnerability

A SQL injection vulnerability has been identified in Fortinet FortiWeb versions through 7.0.1, through 6.4.2, through 6.3.20, and through 6.2.7. This vulnerability allows a privileged attacker to execute SQL commands on the log database by using specially crafted string parameters.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of SQL commands, potentially allowing for manipulation of the log database or extraction of sensitive information.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

2.5

exploitability

5.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

2.5

exploitability

5.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortinet FortiWeb SQL Injection Vulnerability in Multiple Versions

Vulnerability

Impact

Affected Products

Fortinet FortiWeb

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating