CVE-2020-29015 is a structured query language injection (SQLi) vulnerability impacting multiple versions of Fortinet FortiWeb. A proof of concept (PoC) was not observed publicly or in the underground. A successful exploitation of this vulnerability would allow an unauthenticated attacker to remotely execute arbitrary SQL queries on the system via specially crafted request containing manipulated Authorization header.
PoC Links(if available):
Known Counter Measures:
Fortinet addressed the vulnerability in FortiWeb versions 6.3.8 or above and FortiWeb version 6.2.4 or above.
Links to patches(if available)