FortiADC - SQL injection vulnerability in configuration backup feature

2022-12-0600:00:00

FortiGuard Labs

www.fortiguard.com

fortiadc

sql injection

configuration backup

vulnerability

cwe-89

authenticated attacker

unauthorized code

http requests

0.001 Low

EPSS

Percentile

37.2%

JSON

An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiADC may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

CPENameOperatorVersion
fortiadceq7.1.0
fortiadceq7.0.3
fortiadceq7.0.2
fortiadceq7.0.1
fortiadceq7.0.0
fortiadceq6.2.4
fortiadceq6.2.3
fortiadceq6.2.2
fortiadceq6.2.1
fortiadceq6.2.0

Name	Operator	Version
fortiadc	eq	7.1.0
fortiadc	eq	7.0.3
fortiadc	eq	7.0.2
fortiadc	eq	7.0.1
fortiadc	eq	7.0.0
fortiadc	eq	6.2.4
fortiadc	eq	6.2.3
fortiadc	eq	6.2.2
fortiadc	eq	6.2.1
fortiadc	eq	6.2.0

Rows per page:

1-10 of 451

0.001 Low

EPSS

Percentile

37.2%

JSON

Related for FG-IR-22-252