CVE-2024-55593

Summary

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWeb7.6.0 <= 7.6.1affected
FortinetFortiWeb7.4.0 <= 7.4.6affected
FortinetFortiWeb7.2.0 <= 7.2.10affected
FortinetFortiWeb7.0.0 <= 7.0.10affected
FortinetFortiWeb6.4.0 <= 6.4.3affected
FortinetFortiWeb6.3.6 <= 6.3.23affected

Weaknesses

  • CWE-89: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References