Security Advisory – Fortinet FortiWeb Vulnerability

Home/Security Update/Security Advisory – Fortinet FortiWeb Vulnerability

Security Advisory – Fortinet FortiWeb Vulnerability

FortiWeb is vulnerable to a blind SQL injection

FortiWeb — CVE-2020-29015


A blind SQL injection in the user interface of FortiWeb may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.

However, Fortinet has released security updates regarding this vulnerability.

Follow Us on: Twitter, InstagramFacebook to get latest security news!

Affected Products:

The vulnerability is considered as MEDIUM severity.

FortiWeb versions 6.3.7 and below. 

FortiWeb versions 6.2.3 and below.


Please upgrade to FortiWeb versions 6.3.8 or above.

Please upgrade to FortiWeb versions 6.2.4 or above.

Vulnerability RatingCVSS v3.0CVSS v2.0
Base Score6.46.4
Base MetricsCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NCVSS v2.0/AV:N/AC:L/AU:N/C:P/I:P/A:N

Security Recommendations:

It is recommend the following actions be taken:

  • Apply appropriate updates by Fortinet to vulnerable systems, immediately after appropriate testing.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from un-trusted sources.


FortiWeb is vulnerable to a blind SQL injection | FortiGuard

By | 2021-01-11T21:48:34+05:30 January 11th, 2021|Security Update|

About the Author:

FirstHackersNews- Identifies Security


  1. xmc February 21, 2021 at 9:50 pm - Reply

    Tremendous article, numerous good quality information. I am about to show my pals and ask them what they think.

  2. MC March 6, 2021 at 8:15 am - Reply

    This domain seems to get a great deal of visitors. How do you promote it? It gives a nice unique twist on things. I guess having something useful or substantial to post about is the most important thing.

  3. Links.M106.COM June 3, 2021 at 4:19 pm - Reply

    This is a different sort of opinion that many people dont usually talk about. Usually when I find stuff like this I stumble it. This article probably wont do well with that crowd. Ill look around and find another article that may work.

Leave A Comment

Subscribe to our newsletter to receive security tips everday!