Pervasive SQL injection in DAS component

March 12, 2024, 7 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests.

attacker code command cwe injection may requests special sql sql injection unauthenticated unauthorized vulnerability

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiOS - Web server ETag exposure 2 weeks, 4 days ago | fortiguard.fortinet.com

actor attacker cwe device +17

FortiSandbox - Arbitrary file read on endpoint 2 weeks, 4 days ago | fortiguard.fortinet.com

arbitrary files attacker cwe directory +12

FortiNAC-F - Lack of certificate validation 2 weeks, 4 days ago | fortiguard.fortinet.com

attack attacker certificate channel +12

FortiOS - Format String in CLI command 2 weeks, 4 days ago | fortiguard.fortinet.com

access admin arbitrary code attacker +16

FortiOS & FortiProxy - administrator cookie leakage 2 weeks, 4 days ago | fortiguard.fortinet.com

administrator attacker conditions cookie +10

FortiSandbox - Arbitrary file delete on endpoint 2 weeks, 4 days ago | fortiguard.fortinet.com

arbitrary files attacker cwe delete +13

FortiClientMac - Lack of configuration file validation 2 weeks, 4 days ago | fortiguard.fortinet.com

arbitrary code attacker code configuration +15

FortiManager - Code Injection via Jinja Template 2 weeks, 4 days ago | fortiguard.fortinet.com

arbitrary code attacker code code injection +11

FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution 2 weeks, 4 days ago | fortiguard.fortinet.com

access admin arbitrary code arbitrary code execution +16

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Open-Source Intelligence (OSINT) Policy Analyst (TS/SCI)

@ WWC Global | Reston, Virginia, United States

View on infosec-jobs.com

Security Architect (DevSecOps)

@ EUROPEAN DYNAMICS | Brussels, Brussels, Belgium

View on infosec-jobs.com

Infrastructure Security Architect

@ Ørsted | Kuala Lumpur, MY

View on infosec-jobs.com

Contract Penetration Tester

@ Evolve Security | United States - Remote

View on infosec-jobs.com

Senior Penetration Tester

@ DigitalOcean | Canada

View on infosec-jobs.com

View more jobs

all InfoSec news

Pervasive SQL injection in DAS component

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

Jobs in InfoSec / Cybersecurity

SOC 2 Manager, Audit and Certification

Open-Source Intelligence (OSINT) Policy Analyst (TS/SCI)

Security Architect (DevSecOps)

Infrastructure Security Architect

Contract Penetration Tester

Senior Penetration Tester