CVE-2024-55593

Name of the Vulnerable Software and Affected Versions Fortinet FortiWeb versions 6.3.17 through 7.6.1

Description The issue is related to an improper neutralization of special elements used in an SQL command, also known as 'SQL injection', which allows an attacker to gain information disclosure via crafted SQL queries.

Recommendations For Fortinet FortiWeb versions 6.3.17 through 7.6.1, consider disabling any functionality that allows user-inputted data to be executed as SQL commands until a patch is available. Restrict access to sensitive data and SQL queries to minimize the risk of exploitation. Avoid using user-inputted data in SQL queries until the issue is resolved.