cbcvebase.
CVE-2022-26120
published 2022-07-18

CVE-2022-26120: Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0…

high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Affected

5 ranges
VendorProductVersion rangeFixed in
fortinetfortiadc
fortinetfortiadc
fortinetfortiadc
fortinetfortiadc>= 5.0.0 < 6.2.36.2.3
fortinetfortinet_fortiadc