CVE-2024-55593 — SQL Injection in Fortinet Fortiweb

CWE-89 — SQL Injection4 documents4 sources

Severity

2.7LOWNVD

EPSS

0.2%

top 57.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiweb

Timeline

PublishedJan 14

Description

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

▶NVDfortinet/fortiweb6.3.6 — 7.6.2

▶CVEListV5fortinet/fortiweb7.6.0 — 7.6.1+5

🔴Vulnerability Details

CVEList

CVE-2024-55593: A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6↗2025-01-14

▶

GHSA

GHSA-4fjp-2975-mx8w: A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6↗2025-01-14

▶

📋Vendor Advisories

Fortinet

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3...↗2025-01-14

▶