{"id":60879,"date":"2025-01-28T15:49:37","date_gmt":"2025-01-28T12:49:37","guid":{"rendered":"http:\/\/JVN#83855727"},"modified":"2025-01-28T15:49:37","modified_gmt":"2025-01-28T12:49:37","slug":"fortiweb-vulnerable-to-sql-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/fortiweb-vulnerable-to-sql-injection\/","title":{"rendered":"FortiWeb vulnerable to SQL injection"},"content":{"rendered":"<div readability=\"33\">\n<h2>Overview<\/h2>\n<p>FortiWeb provided by Fortinet, Inc. contains an SQL injection vulnerability.<\/p>\n<\/p><\/div>\n<div readability=\"33\">\n<h2>Products Affected<\/h2>\n<ul>\n<li>FortiWeb versions prior to 7.6.2<\/li>\n<\/ul>\n<p>For more information, refer to the information provided by the developer. <\/p><\/div>\n<div readability=\"33.141592920354\">\n<h2>Description<\/h2>\n<p>FortiWeb provided by Fortinet, Inc. contains an SQL injection vulnerability (<a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/89.html\" target=\"_blank\" rel=\"noopener\">CWE-89<\/a>, CVE-2024-55593).<\/p>\n<\/p><\/div>\n<div readability=\"32\">\n<h2>Impact<\/h2>\n<p>Information in the FortiWeb database may be obtained by a user who can log in to the product.<\/p>\n<\/p><\/div>\n<div readability=\"33\">\n<h2>Solution<\/h2>\n<p><strong>Update the software<\/strong><br \/>Update the software to the latest version according to the information provided by the developer.<br \/>The developer fixed the vulnerability in the following version:\n<\/p>\n<ul>\n<li>FortiWeb version 7.6.2 and later<\/li>\n<\/ul><\/div>\n<div readability=\"33\">\n<h2>Credit<\/h2>\n<p>Kentaro Kawane of GMO Cybersecurity by Ierae reported this vulnerability to IPA.<br \/>JPCERT\/CC coordinated with the developer under Information Security Early Warning Partnership.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Overview FortiWeb provided by Fortinet, Inc. contains an SQL injection vulnerability. Products Affected FortiWeb versions prior to 7.6.2 For more information, refer to the information provided by the developer. Description FortiWeb provided by Fortinet, Inc. contains an SQL injection vulnerability (CWE-89, CVE-2024-55593). Impact Information in the FortiWeb database may be obtained by a user who &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-60879","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/60879","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=60879"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/60879\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=60879"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=60879"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=60879"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}