SQL Injection Vulnerability in Fortinet FortiAnalyzer and FortiManager
CVE-2024-35275

Currently unrated

Key Information:

Vendor
Fortinet
CVE Published:
14 January 2025

Summary

An SQL injection vulnerability affects Fortinet FortiAnalyzer and FortiManager versions 7.4.0 through 7.4.2. The flaw stems from improper neutralization of special elements used in SQL commands. An attacker can exploit it to escalate privileges by sending specially crafted HTTP requests. Organizations running these versions should take immediate action to mitigate the risk of unauthorized access and data manipulation.

Timeline

  • Vulnerability published
