Required CVE Record Information
Description
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before 4.5.9 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
CVSS 1 Total
| Score | Severity | Version | Vector String |
|---|---|---|---|
| 9.8 | CRITICAL | 3.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C |
References 1 Total
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 1 Total
- https://fortiguard.com/psirt/FG-IR-21-062 x_transferred