FortiWeb is vulnerable to a blind SQL injection
FortiWeb — CVE-2020-29015
Summary:
A blind SQL injection in the user interface of FortiWeb may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.
Fortinet has released security updates that address this vulnerability.
Fortinet rates the vulnerability as MEDIUM severity. Note that the vector requires no authentication and no user interaction (AV:N/PR:N/UI:N in the table below), and NVD scores the same issue considerably higher; do not let the vendor rating delay patching.
Affected Products:
FortiWeb versions 6.3.7 and below.
FortiWeb versions 6.2.3 and below.
Solutions:
Please upgrade to FortiWeb versions 6.3.8 or above.
Please upgrade to FortiWeb versions 6.2.4 or above.
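The affected and fixed releases above can be turned into a quick triage check. The following is an added example, not code from the advisory or from Fortinet; it assumes that "6.2.3 and below" also covers releases older than the 6.2 branch, and it deliberately does not assume anything about branches the advisory does not name (6.4 and later).

```python
from typing import Tuple

def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn a FortiWeb version string such as '6.3.7' (or 'v6.3.7') into a comparable tuple."""
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)

# Affected ranges and fixed releases as published for CVE-2020-29015.
# Branch -> (last vulnerable release in the branch, first fixed release in the branch)
FIXED_BY_BRANCH = {
    (6, 3): ((6, 3, 7), (6, 3, 8)),
    (6, 2): ((6, 2, 3), (6, 2, 4)),
}

def assess(version_text: str) -> str:
    """Classify a FortiWeb version against the CVE-2020-29015 advisory."""
    v = parse_version(version_text)
    branch = v[:2]
    if branch in FIXED_BY_BRANCH:
        last_vuln, first_fixed = FIXED_BY_BRANCH[branch]
        if v <= last_vuln:
            return "vulnerable: upgrade to " + ".".join(map(str, first_fixed)) + " or later"
        return "fixed"
    # Assumption: "6.2.3 and below" covers every release older than the 6.2 branch as well.
    if v < (6, 2, 0):
        return "vulnerable: upgrade to 6.2.4 or later"
    # 6.4 and newer are not named in the advisory; say so rather than guess.
    return "not listed in the advisory: check the vendor advisory"

if __name__ == "__main__":
    for sample in ("6.3.7", "6.3.8", "6.2.3", "6.2.4", "6.1.2", "6.4.0"):
        print(sample, "->", assess(sample))
```

Feed it the version string shown on the FortiWeb dashboard or returned by `get system status`; anything reported as "vulnerable" needs the upgrade in the Solutions list above.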
Vulnerability Rating | CVSS v3.0 | CVSS v2.0
Base Score | 6.4 | 6.4
Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | AV:N/AC:L/Au:N/C:P/I:P/A:N
Security Recommendations:
It is recommended that the following actions be taken:
- Apply the updates released by Fortinet to vulnerable systems, immediately after appropriate testing.
- Until the update is applied, restrict access to the FortiWeb management interface to trusted administrative networks, since the vulnerable request needs no authentication.
- Review access logs for requests to the management interface carrying unusual Authorization headers, for example Basic credentials that decode to quotes, SQL comment sequences or SQL keywords.
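Because the advisory names the Authorization header as the injection point, a defender can triage captured requests by decoding that header and looking for SQL metacharacters. The following is an added example, not code from the advisory or from Fortinet, and the patterns are a generic SQL-injection heuristic rather than a signature for the undisclosed CVE-2020-29015 payload; the sample requests are constructed for the example.

```python
import base64
import re
from typing import List, Optional

# Generic SQL-injection hints: quotes, comment openers, statement separators,
# tautologies and the usual keywords, including time-based probes used in blind SQLi.
SQL_HINTS = re.compile(
    r"(?i)(['\"]|--|/\*|;|\bor\b\s+\d+\s*=\s*\d+|\bunion\b|\bselect\b"
    r"|\bsleep\s*\(|\bbenchmark\s*\(|\bwaitfor\b)"
)

# A lone apostrophe in a password is common; require more than one hint before flagging.
MIN_INDICATORS = 2

AUTH_RE = re.compile(r"^Authorization:\s*(?P<value>.+)$", re.IGNORECASE)

def decode_authorization(header_value: str) -> str:
    """Return the attacker-controlled text carried by an Authorization header value.

    Basic credentials are base64-decoded so SQL hidden inside them becomes visible;
    any other scheme (Bearer, custom) is inspected as-is.
    """
    scheme, _, param = header_value.strip().partition(" ")
    if scheme.lower() == "basic":
        try:
            return base64.b64decode(param, validate=True).decode("utf-8", "replace")
        except ValueError:  # binascii.Error is a ValueError: not base64, inspect raw value
            return param
    return param

def sqli_indicators(header_value: str) -> List[str]:
    """Return the suspicious fragments found in one Authorization header value."""
    decoded = decode_authorization(header_value)
    return [m.group(0) for m in SQL_HINTS.finditer(decoded)]

def extract_authorization(raw_request: str) -> Optional[str]:
    """Pull the Authorization header value out of a raw HTTP request, if present."""
    for line in re.split(r"\r?\n", raw_request):
        m = AUTH_RE.match(line)
        if m:
            return m.group("value").strip()
    return None

def flag_requests(raw_requests: List[str]) -> List[int]:
    """Return the indices of requests whose Authorization header looks like SQL injection."""
    flagged = []
    for i, req in enumerate(raw_requests):
        value = extract_authorization(req)
        if value is None:
            continue
        if len(sqli_indicators(value)) >= MIN_INDICATORS:
            flagged.append(i)
    return flagged

def _basic(credentials: str) -> str:
    return "Basic " + base64.b64encode(credentials.encode()).decode()

def _request(auth: Optional[str]) -> str:
    lines = ["GET /api/status HTTP/1.1", "Host: fortiweb.example"]  # hypothetical host
    if auth is not None:
        lines.append("Authorization: " + auth)
    return "\r\n".join(lines) + "\r\n\r\n"

# Constructed sample traffic: a benign login, a tautology inside Basic credentials,
# a union/time-based probe in a bearer token, no header, and a benign apostrophe.
SAMPLE_REQUESTS = [
    _request(_basic("admin:S3cret!")),
    _request(_basic("admin' OR 1=1-- :x")),
    _request("Bearer tok' UNION SELECT sleep(5)--"),
    _request(None),
    _request(_basic("admin:it's-fine")),
]

if __name__ == "__main__":
    for i in flag_requests(SAMPLE_REQUESTS):
        print(i, sqli_indicators(extract_authorization(SAMPLE_REQUESTS[i])))
```

Point it at requests captured in front of the management interface (a proxy log or a pcap export); the threshold keeps ordinary passwords containing a single quote out of the results, while tautologies and time-based probes trip several hints at once.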
Reference:
FortiWeb is vulnerable to a blind SQL injection | FortiGuard