PT-2025-28847 · Fortinet · FortiWeb

0Xbigshaq · Published 2025-07-08 · Updated 2025-09-25 · CVE-2025-25257

CVSS v3.1: 10 · Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Name of the Vulnerable Software and Affected Versions**

Fortinet FortiWeb versions 7.0.0 through 7.6.3, 7.4.0 through 7.4.7, and 7.2.0 through 7.2.10

**Description**

Fortinet FortiWeb contains a SQL injection flaw (CWE-89) that allows unauthenticated attackers to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests. Exploitation can lead to remote code execution (RCE). Public exploits are available and active exploitation has been observed, with numerous systems already compromised. The vulnerability resides in the `get fabric user by token` function and is triggered by specially crafted input in the Authorization header sent to specific API endpoints. Attackers can combine MySQL's `INTO OUTFILE` instruction with techniques such as the `UNHEX()` function and site-specific Python configuration files to achieve code execution. An estimated 20,000 or more devices are exposed.

**API Endpoints:** /api/fabric/device/status

**Vulnerable Parameters or Variables:** `Authorization` header

**Recommendations**

Update to FortiWeb version 7.6.4 or later.

Update to FortiWeb version 7.4.8 or later.

Update to FortiWeb version 7.2.11 or later.

Update to FortiWeb version 7.0.11 or later.
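The following is an added example, not part of the original advisory, that turns the recommendations above into an inventory check: each FortiWeb version is compared against the fixed release of its own major.minor branch, so anything below 7.6.4, 7.4.8, 7.2.11 or 7.0.11 on the matching branch is reported as needing an upgrade. It assumes (as a simplification of the affected-version text) that the affected ranges run from the start of each branch up to the fixed release; the host names and versions in the inventory are constructed sample data.

```python
from typing import Dict, List, Optional, Tuple

# Fixed releases taken from the advisory's recommendations, keyed by branch.
# Assumption for this example: every release on a listed branch below its
# fixed version is affected, which matches the ranges in the advisory.
FIXED_VERSIONS: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (7, 6): (7, 6, 4),
    (7, 4): (7, 4, 8),
    (7, 2): (7, 2, 11),
    (7, 0): (7, 0, 11),
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.patch' (a leading 'v' is tolerated) into a tuple."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiWeb version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def assess(version: str) -> Dict[str, Optional[object]]:
    """Report whether a single FortiWeb version is affected by CVE-2025-25257.

    'affected' is True/False for branches the advisory lists, and None for
    branches it does not mention (those need a manual check, not a guess).
    """
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get((v[0], v[1]))
    if fixed is None:
        return {"version": version, "affected": None, "upgrade_to": None}
    affected = v < fixed          # tuple comparison is lexicographic
    return {
        "version": version,
        "affected": affected,
        "upgrade_to": ".".join(map(str, fixed)) if affected else None,
    }


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (host, current_version, upgrade_to) for every affected host."""
    findings = []
    for host, version in sorted(inventory.items()):
        result = assess(version)
        if result["affected"] is True:
            findings.append((host, version, str(result["upgrade_to"])))
    return findings


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "waf-edge-01": "7.6.3",   # last vulnerable release on the 7.6 branch
    "waf-edge-02": "7.6.4",   # already at the fixed release
    "waf-dc-01": "7.4.2",
    "waf-dc-02": "7.2.11",
    "waf-lab-01": "7.0.5",
    "waf-lab-02": "8.0.0",    # branch not listed in the advisory
}

if __name__ == "__main__":
    for host, current, target in triage(SAMPLE_INVENTORY):
        print(f"{host}: {current} is affected, upgrade to {target}")
```

Unlisted branches deliberately come back as `None` rather than "not affected", so a host on a release the advisory does not mention is surfaced for manual review instead of being silently marked safe.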

Tags: Exploit, Fix, RCE, SQL injection

Weakness Enumeration: CWE-89

Related Identifiers: BDU:2025-08439, CVE-2025-25257

Affected Products: FortiWeb