A blind SQL injection in the user interface of FortiWeb 6.3.0 up to and including 6.3.7 and versions prior to 6.2.4 may allow an unauthenticated, remote malicious user to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.
Vulnerable Product |
---|
fortinet fortiweb |