CVE-2022-26116

CWE-89SQL Injection4 documents4 sources
Severity
8.8HIGH
EPSS
0.6%
top 29.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortinacFortinet Fortinet Fortinac
Timeline
PublishedMay 11
Latest updateMay 12

Description

Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortinac8.5.08.5.2+8
CVEListV5fortinet/fortinet_fortinacFortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below.

🔴Vulnerability Details

2
GHSA
GHSA-86m5-hr8h-6w5v: Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 82022-05-12
CVEList
CVE-2022-26116: Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 82022-05-11

📋Vendor Advisories

1
Fortinet
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in Fo...2022-05-11
CVE-2022-26116 (HIGH CVSS 8.8) | Multiple improper neutralization of | cvebase.io