CVE-2020-29015 – Fortinet / FortiWeb – SQLi

Summary:

CVE-2020-29015 is a structured query language injection (SQLi) vulnerability impacting multiple versions of Fortinet FortiWeb. A proof of concept (PoC) was not observed publicly or in the underground. Successful exploitation of this vulnerability would allow an unauthenticated attacker to remotely execute arbitrary SQL queries on the system via a specially crafted request containing a manipulated Authorization header.
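To make the vulnerability class concrete from a defender's side, the following is an added Python illustration, not FortiWeb's code: it assumes HTTP Basic credentials as the header format, and the user table, the parsing helper and the two `lookup_*` functions are hypothetical. It shows a header-derived credential concatenated into SQL next to the parameterised form that fixes it, plus a coarse check a proxy or WAF log review could apply to Authorization headers.

```python
import base64
import re
import sqlite3

# Constructed in-memory user store standing in for an appliance's local table; illustrative only.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    return conn

def make_header(user, pw):
    """Build a 'Basic base64(user:pw)' Authorization header value."""
    return "Basic " + base64.b64encode(f"{user}:{pw}".encode()).decode()

def parse_basic_auth(header):
    """Return (user, pw) from a Basic Authorization header, or None if malformed."""
    scheme, _, blob = header.strip().partition(" ")
    if scheme.lower() != "basic" or not blob:
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, _, pw = decoded.partition(":")
    return user, pw

def lookup_vulnerable(conn, user, pw):
    """Hypothetical vulnerable pattern: header-derived values concatenated into SQL."""
    sql = f"SELECT name FROM users WHERE name = '{user}' AND pw = '{pw}'"
    return conn.execute(sql).fetchone()

def lookup_fixed(conn, user, pw):
    """Hardened form: bound parameters keep header values out of the SQL grammar."""
    return conn.execute(
        "SELECT name FROM users WHERE name = ? AND pw = ?", (user, pw)).fetchone()

# Coarse detection heuristic for proxy/WAF logs: SQL metacharacters or keywords
# inside decoded Basic credentials. Expect false positives on exotic passwords.
SQL_META = re.compile(r"""['";]|--|/\*|\b(or|and|union|select|sleep)\b""", re.I)

def header_is_suspicious(header):
    creds = parse_basic_auth(header)
    return creds is not None and any(SQL_META.search(p) for p in creds)

if __name__ == "__main__":  # constructed sample: the password field carries SQL
    db, hdr = make_db(), make_header("admin", "' OR '1'='1")
    creds = parse_basic_auth(hdr)
    print(header_is_suspicious(hdr), lookup_vulnerable(db, *creds), lookup_fixed(db, *creds))
```

The vulnerable lookup returns the admin row for the injected header while the parameterised one returns nothing, and the heuristic flags the header before either query runs.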

PoC Links (if available):

Known Counter Measures:

Fortinet addressed the vulnerability in FortiWeb versions 6.3.8 or above and FortiWeb version 6.2.4 or above.

Links to patches (if available):

https://www.fortiguard.com/psirt/FG-IR-20-124