Security Advisory – Fortinet FortiWeb Vulnerability

Home/Security Update/Security Advisory – Fortinet FortiWeb Vulnerability

Security Advisory – Fortinet FortiWeb Vulnerability

FortiWeb is vulnerable to a blind SQL injection

FortiWeb — CVE-2020-29015


A blind SQL injection in the user interface of FortiWeb may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.

However, Fortinet has released security updates regarding this vulnerability.

Follow Us on: Twitter, InstagramFacebook to get latest security news!

Affected Products:

The vulnerability is considered as MEDIUM severity.

FortiWeb versions 6.3.7 and below. 

FortiWeb versions 6.2.3 and below.


Please upgrade to FortiWeb versions 6.3.8 or above.

Please upgrade to FortiWeb versions 6.2.4 or above.

Vulnerability RatingCVSS v3.0CVSS v2.0
Base Score6.46.4
Base MetricsCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NCVSS v2.0/AV:N/AC:L/AU:N/C:P/I:P/A:N

Security Recommendations:

It is recommend the following actions be taken:

  • Apply appropriate updates by Fortinet to vulnerable systems, immediately after appropriate testing.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from un-trusted sources.


FortiWeb is vulnerable to a blind SQL injection | FortiGuard

By | 2021-01-11T21:48:34+05:30 January 11th, 2021|Security Update|

About the Author:

FirstHackersNews- Identifies Security

One Comment

  1. xmc February 21, 2021 at 9:50 pm - Reply

    Tremendous article, numerous good quality information. I am about to show my pals and ask them what they think.

Leave A Comment

Subscribe to our newsletter to receive security tips everday!