FortiSOAR is vulnerable to sql injection in Event Auth API via uuid parameter

Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiSOAR Event Auth API may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.

api attacker auth code commands cwe event injection may parameter special sql sql injection strings unauthorized uuid vulnerabilities vulnerable