Fortinet FortiWeb
cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*
- >= 7.6.0, <= 7.6.3
- >= 7.4.0, <= 7.4.7
- >= 7.2.0, <= 7.2.10
- <= 7.0.10
This vulnerability is being actively exploited in the wild.
A SQL injection vulnerability has been identified in Fortinet FortiWeb versions 7.6.0 to 7.6.3, 7.4.0 to 7.4.7, 7.2.0 to 7.2.10, and below 7.0.10. This vulnerability allows an unauthenticated attacker to execute unauthorized SQL commands by sending crafted HTTP or HTTPS requests.
Exploitation of this vulnerability allows for unauthorized execution of SQL commands, which could lead to manipulation of the database or execution of additional code, depending on the application's database handling.
The vulnerability can be reproduced by sending HTTP or HTTPS requests that include crafted SQL commands. This can be done using tools that allow for HTTP request manipulation, such as Burp Suite or Postman. The SQL injection can be targeted at any input field that is not properly sanitized before being processed by the application's SQL database.
Users are advised to upgrade Fortinet FortiWeb to version 7.6.4 or above, 7.4.8 or above, 7.2.11 or above, or 7.0.11 or above, depending on their current version. Additionally, the HTTP or HTTPS administrative interface can be disabled as a temporary workaround.
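As an added example (not part of this advisory), the following Python snippet encodes the affected ranges and fixed releases listed above so that a defender can triage an inventory of FortiWeb appliances. The function names, the tri-state result and the sample inventory are our own constructions; only the version boundaries come from the advisory text.

```python
"""Check FortiWeb version strings against the affected ranges in the advisory.

Added illustration: the ranges and fixed versions are taken from the advisory
text; the function names and the sample inventory are assumptions made here.
"""
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# (lowest affected, highest affected, first fixed), all bounds inclusive.
# The 7.0 branch has no lower bound on the page ("<= 7.0.10"), so it starts at 0.0.0.
AFFECTED_RANGES = [
    ((7, 6, 0), (7, 6, 3), (7, 6, 4)),
    ((7, 4, 0), (7, 4, 7), (7, 4, 8)),
    ((7, 2, 0), (7, 2, 10), (7, 2, 11)),
    ((0, 0, 0), (7, 0, 10), (7, 0, 11)),
]


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' (e.g. '7.4.3'); a missing patch counts as 0.
    Trailing build markers such as '7.4.3,build1234' are ignored."""
    core = text.strip().split(",")[0].split("-")[0]
    parts = core.split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return (nums[0], nums[1], nums[2])


def assess(text: str) -> Tuple[str, Optional[str]]:
    """Return (status, first_fixed_version) for one version string.

    status is 'affected' (inside a listed range), 'fixed' (a release of an
    affected branch at or above its fix), or 'not listed' (a branch the
    advisory does not mention, e.g. 7.5.x, which deserves a manual look).
    """
    v = parse_version(text)
    for low, high, fixed in AFFECTED_RANGES:
        if low <= v <= high:
            return "affected", ".".join(map(str, fixed))
        # Same major.minor branch as an affected range, but already at/after the fix.
        if v[:2] == high[:2] and v >= fixed:
            return "fixed", ".".join(map(str, fixed))
    return "not listed", None


# Constructed sample inventory; hostnames and versions are made up for the example.
SAMPLE_INVENTORY: Dict[str, str] = {
    "fortiweb-dmz-1": "7.6.3",
    "fortiweb-dmz-2": "7.4.8",
    "fortiweb-lab": "7.0.9,build0123",
    "fortiweb-eu": "7.5.2",
}


def needs_upgrade(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each affected host to the first fixed release it should move to."""
    result = {}
    for host, ver in inventory.items():
        status, fixed = assess(ver)
        if status == "affected":
            result[host] = fixed
    return result


if __name__ == "__main__":
    for host, fixed in needs_upgrade(SAMPLE_INVENTORY).items():
        print(f"{host}: upgrade to {fixed} or later")
```

Hosts whose branch the advisory does not list (the 7.5.x entry above) are reported as "not listed" rather than silently treated as safe, so they can be reviewed against the vendor's own notice before being dismissed.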