A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted requests
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HFortinet Forticlientems
APPFortinet7.0.0 – 7.0.137.2.0 – 7.2.13 (bez)7.4.0 – 7.4.6 (bez)
Related vulnerabilities
Fortinet FortiClientEMS — nieuwierzytelnione wykonanie kodu (Auth Bypass)
SQL Injection w Fortinet FortiClientEMS — nieautoryzowane wykonanie kodu
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89]...
An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through...
A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow a...