CVE-2020-29015
published 2021-01-14


Priority: P2 · 68 · critical · 9.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.57% (83.2th percentile)
A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.

Affected

3 ranges

Vendor    Product   Version range   Fixed in
fortinet  fortiweb  < 6.2.4         6.2.4
fortinet  fortiweb
fortinet  fortiweb  6.3.0 – 6.3.7

Detection & IOCs (extracted from sources)

  • Detect blind SQL injection attempts against FortiWeb by inspecting the Authorization header of HTTP requests for SQL-statement payloads
  • Monitor FortiWeb UI endpoints for unauthenticated requests carrying anomalous or oversized Authorization headers, which may indicate SQL injection exploitation attempts
  • The vulnerability affects FortiWeb versions 6.3.0 through 6.3.7 and all versions before 6.2.4; detections should be scoped to these version ranges
  • The injection vector is specifically the Authorization header of HTTP requests to the FortiWeb management UI; WAF or IDS rules should target this header field rather than the request body or URL parameters
  • This is a blind SQL injection (CWE-89, CVSS 9.8 Critical), so responses may not directly reflect injected data; detection should account for time-based and boolean-based blind SQLi patterns in the Authorization header
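As an added defensive example (not from this page, NVD or Fortinet), the following Python scans constructed request-log lines for the blind-SQLi indicators listed above, looking at the raw Authorization header and, for Basic auth, the decoded credentials; the tab-separated log format, the UI path prefix and the sample values are assumptions.

```python
from __future__ import annotations
import base64, binascii, re
# Blind-SQLi indicators for the Authorization header (the vector named in the advisory); first match wins.
SQLI_SIGNATURES = [
    ("time-based", re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I)),
    ("boolean-based", re.compile(r"\b(or|and)\b\s*[\w'\"]+\s*=\s*[\w'\"]+", re.I)),
    ("generic", re.compile(r"'|--|/\*|;|\bunion\b|\bselect\b", re.I)),
]
UI_PATH_PREFIX = "/api/"  # assumed (hypothetical) prefix of FortiWeb management-UI routes

def inspectable_views(header_value: str) -> list[str]:
    """Raw header plus, for Basic auth, the decoded credentials (a payload can hide in either)."""
    views = [header_value]
    scheme, _, param = header_value.partition(" ")
    if scheme.lower() == "basic" and param:
        try:
            views.append(base64.b64decode(param, validate=True).decode("utf-8", "replace"))
        except (binascii.Error, ValueError):
            pass  # not valid base64; the raw value is still inspected
    return views

def classify_authorization(header_value: str) -> str | None:
    """Return the SQLi category found in an Authorization header, or None if it looks clean."""
    for view in inspectable_views(header_value):
        for category, pattern in SQLI_SIGNATURES:
            if pattern.search(view):
                return category
    return None

def scan_log(lines: list[str]) -> list[dict]:
    """Scan tab-separated 'src, method, path, authorization' lines; one finding per UI-route hit."""
    findings = []
    for line in lines:
        src, _method, path, auth = line.rstrip("\n").split("\t", 3)
        if path.startswith(UI_PATH_PREFIX):
            category = classify_authorization(auth)
            if category:
                findings.append({"src": src, "path": path, "category": category})
    return findings

def basic(user: str, password: str) -> str:  # builds a Basic value for the constructed sample
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

SAMPLE_LOG = [  # constructed sample lines, not real FortiWeb logs
    "203.0.113.5\tGET\t/api/v2.0/status\t" + basic("admin", "CorrectHorse9"),
    "198.51.100.7\tGET\t/api/v2.0/status\t" + basic("admin' or 1=1--", "x"),
    "198.51.100.8\tGET\t/api/v2.0/status\t" + basic("admin", "x' and sleep(5)--"),
    "198.51.100.9\tGET\t/api/v2.0/status\tBasic ' union select 1--",
    "203.0.113.6\tGET\t/static/app.js\t" + basic("admin' or 1=1--", "x"),  # not a UI route
]
```

Running `scan_log(SAMPLE_LOG)` flags the three UI-route lines with crafted headers and ignores the clean login and the non-UI path; tune `UI_PATH_PREFIX` and the signatures to your own FortiWeb deployment and log source.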

CVSS provenance

nvd  v3.1  9.8  CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd  v2.0  7.5  HIGH      AV:N/AC:L/Au:N/C:P/I:P/A:P