CVE-2022-26120 MEDIUM

CVE-2022-26120

Vendor Fortinet
Product Fortinet FortiADC
Published July 18, 2022
Last update October 22, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C

What the vulnerability does

01Description

Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Key dates

02Disclosure timeline

July 18, 2022 CVE published
October 22, 2024 Record updated