An improper neutralization of special elements used in an SQL command (βSQL Injectionβ) vulnerability [CWE-89] in FortiWLM may allow an authenticated attacker to alter the query logic and execute arbitrary SQL statements via crafted HTTP requests to the AP monitor handlers.