CVE-2022-29059 — SQL Injection in Fortinet Fortiweb

CWE-89 — SQL Injection4 documents4 sources

Severity

7.2HIGHNVD

CNA2.7

EPSS

0.1%

top 69.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiweb

Timeline

PublishedMar 14

Description

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execute SQL commands over the log database via specifically crafted strings parameters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDfortinet/fortiweb7.0.0 — 7.0.2+3

▶CVEListV5fortinet/fortiweb7.0.0 — 7.0.1+3

🔴Vulnerability Details

GHSA

GHSA-hh2m-m355-4q3p: An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7↗2025-03-14

▶

CVEList

CVE-2022-29059: An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7↗2025-03-14

▶

📋Vendor Advisories

Fortinet

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiW...↗2025-03-14

▶