HIGH🇬🇧 English

CVE-2025-59922

CVSS 7.2v3.1pub. 2026-01-13upd. 2026-01-14

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Fortinet Forticlientems

    APP
    Fortinet
    7.0.0 – 7.2.12 (bez)7.4.0 – 7.4.5 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2026-35616CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Fortinet FortiClientEMS — nieuwierzytelnione wykonanie kodu (Auth Bypass)

CVE-2026-21643CRITICAL9.8⚠ KEVPL ✓ten sam produkt

SQL Injection w Fortinet FortiClientEMS — nieautoryzowane wykonanie kodu

CVE-2024-23106HIGH8.1ten sam produkt

An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through...

CVE-2026-39809MEDIUM6.7ten sam produkt

A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortin...

CVE-2026-39810MEDIUM6.0ten sam produkt

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow a...