**Name of the Vulnerable Software and Affected Versions:**

Fortinet FortiWeb versions 7.0.0 through 7.6.3

Fortinet FortiWeb versions 7.2.0 through 7.2.10

Fortinet FortiWeb versions 7.4.0 through 7.4.7

**Description:**

Fortinet FortiWeb is affected by a critical SQL injection vulnerability in the `get fabric user by token` function of the Fabric Connector component. This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands via crafted HTTP or HTTPS requests, potentially leading to remote code execution (RCE). The vulnerability is triggered by improper neutralization of special elements in an SQL command. Exploitation involves sending malicious input through the `Authorization` header to specific API endpoints, such as `/api/fabric/device/status`. Attackers can leverage this vulnerability to execute commands on the system, potentially deploying webshells. Public exploits are available, and active exploitation has been observed, with approximately 223 vulnerable instances identified.

**Recommendations:**

Fortinet FortiWeb versions 7.0.0 through 7.0.10: Update to version 7.0.11 or later.

Fortinet FortiWeb versions 7.2.0 through 7.2.10: Update to version 7.2.11 or later.

Fortinet FortiWeb versions 7.4.0 through 7.4.7: Update to version 7.4.8 or later.

Fortinet FortiWeb versions 7.6.0 through 7.6.3: Update to version 7.6.4 or later.