Fortinet FortiClientEMS Authenticated SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in Fortinet FortiClientEMS versions 7.4.3 through 7.4.4, 7.4.0 through 7.4.1, 7.2.0 through 7.2.10, and all versions of 7.0. The flaw is an improper neutralization of special elements used in an SQL command, reachable through crafted HTTP or HTTPS requests. Exploitation requires an authenticated attacker with at least read-only admin permissions, so any EMS administrator account, including a read-only one, is sufficient to execute unauthorized SQL commands.

Impact

Successful exploitation lets the attacker run SQL statements of their choosing against the EMS database, which could allow manipulation of the database contents or extraction of sensitive information.

Remediation

Upgrade to FortiClientEMS 7.4.5 or later on the 7.4 branch, or to FortiClientEMS 7.2.12 or later on the 7.2 branch. Because every 7.0 release is affected, FortiClientEMS 7.0 users should migrate to one of the fixed branches.
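To turn the affected and fixed version lists above into a repeatable check, the following is an added example (not code from this page or from Fortinet). The version ranges are copied from the advisory text; the function names, the sample version strings and the handling of versions the advisory does not mention (such as 7.4.2 or 7.2.11, which it neither lists as affected nor as fixed) are assumptions for illustration, and those are reported as "not listed" rather than as safe.

```python
"""Classify a FortiClientEMS version string against this advisory.

Added example, not code from the page or from Fortinet. The inclusive
affected ranges and the fixed releases below are taken from the advisory
text; everything else (names, sample inputs) is assumed for illustration.
"""
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Inclusive (low, high) ranges the advisory lists as affected.
# The 7.0 branch is handled separately because all of it is affected.
AFFECTED_RANGES = [
    ((7, 4, 3), (7, 4, 4)),
    ((7, 4, 0), (7, 4, 1)),
    ((7, 2, 0), (7, 2, 10)),
]

# First fixed release per branch, from the remediation section.
FIXED_IN = {(7, 4): (7, 4, 5), (7, 2): (7, 2, 12)}


def parse_version(text: str) -> Version:
    """Parse '7.4.3', 'v7.4', or '7.4.3.1' into a (major, minor, patch) tuple.

    A fourth build component is ignored; fewer than three components are
    padded with zeros. Anything non-numeric is rejected.
    """
    s = text.strip().lower()
    if s.startswith("v"):
        s = s[1:]
    parts = s.split(".")
    if not 2 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts] + [0, 0]
    return (nums[0], nums[1], nums[2])


def fmt(v: Optional[Version]) -> Optional[str]:
    return None if v is None else ".".join(str(x) for x in v)


def is_affected(v: Version) -> bool:
    """True when v falls in a range the advisory lists as affected."""
    if v[:2] == (7, 0):
        return True  # advisory: all versions of 7.0
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def assess(text: str) -> Dict[str, object]:
    """Return the advisory's verdict and recommended action for one version."""
    v = parse_version(text)
    branch = v[:2]
    fixed = FIXED_IN.get(branch)
    if branch == (7, 0):
        action = "migrate to a fixed branch (7.2.12 or later, or 7.4.5 or later)"
        return {"version": fmt(v), "affected": True, "fixed_in": None, "action": action}
    if is_affected(v):
        return {"version": fmt(v), "affected": True, "fixed_in": fmt(fixed),
                "action": f"upgrade to {fmt(fixed)} or later"}
    if fixed is not None and v >= fixed:
        return {"version": fmt(v), "affected": False, "fixed_in": fmt(fixed),
                "action": "running a fixed release; no action required"}
    # Assumption: versions the advisory neither lists as affected nor as
    # fixed (e.g. 7.4.2, 7.2.11, other branches) are reported, not cleared.
    return {"version": fmt(v), "affected": False, "fixed_in": fmt(fixed),
            "action": "not listed in this advisory; confirm against the vendor advisory"}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for name, ver in [("ems-a", "7.4.3"), ("ems-b", "7.2.12"),
                      ("ems-c", "7.0.13"), ("ems-d", "7.4.2")]:
        r = assess(ver)
        print(f"{name:6} {r['version']:8} affected={r['affected']!s:5} {r['action']}")
```

The check compares three-component tuples, so an inventory that reports a build number (7.4.4.1234) still lands in the right range. Versions outside the listed ranges are deliberately not marked safe, because the advisory text is the only ground truth this script has.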

Added: Jan 13, 2026, 5:29 PM
Updated: Jan 13, 2026, 5:29 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 5.0
exploitability: 4.9
remediation: 7.7
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.